PayPal discloses extended data leak linked to Loan App glitch
PayPal suffered a six-month data leak caused by a software error in its loan application, exposing sensitive user information such as Social Security numbers and addresses. The issue has been fixed, and the company is offering two years of free credit monitoring to address potential risks.

2026-2-20 22:3:21 Author: securityaffairs.com


Pierluigi Paganini February 20, 2026

PayPal disclosed a six-month data breach that exposed sensitive user data, including Social Security numbers, due to a software error.

PayPal has disclosed a data breach caused by a software bug in its PayPal Working Capital loan app. The flaw exposed sensitive customer information, including customers’ business contact details (name, email, phone number, address), along with Social Security numbers and dates of birth, since July 1, 2025, before it was discovered and fixed.

On December 12, 2025, PayPal discovered that a coding error in its PayPal Working Capital loan application had exposed the personal information of a small number of customers to unauthorized parties between July 1 and December 13, 2025. The company has since addressed the issue and said the notification was not delayed due to any law enforcement investigation.

“On December 12, 2025, PayPal identified that due to an error in its PayPal Working Capital (“PPWC”) loan application, the PII of a small number of customers was exposed to unauthorized individuals during the timeframe of July 1, 2025 to December 13, 2025. PayPal has since rolled back the code change responsible for this error, which potentially exposed the PII.” reads the data breach notification. “We have not delayed this notification as a result of any law enforcement investigation.”

After detecting the unauthorized access, the company launched an investigation, blocked the intrusion, and reset affected passwords. PayPal also announced the implementation of stronger security checks. The company confirmed that a small number of customers observed unauthorized transactions, which have already been refunded.

The company also offers impacted users two years of complimentary credit monitoring and identity restoration services through Equifax.

Affected users should closely monitor their accounts, transaction history, and free credit reports for suspicious activity and report any fraud immediately. Customers are also encouraged to enroll in complimentary three-bureau credit monitoring through Equifax by June 30, 2026. The company advises reviewing guidance on fraud alerts, free credit reports, and FTC resources to better protect personal information.

In January 2023, PayPal announced that 34942 customers’ accounts had been compromised between December 6 and December 8, 2022. The company added that the unauthorized access was the result of credential stuffing attacks and that its systems were not breached.





Source: https://securityaffairs.com/188309/data-breach/paypal-discloses-extended-data-leak-linked-to-loan-app-glitch.html