[{"data":1,"prerenderedAt":187},["ShallowReactive",2],{"story-114417-cn":3},{"id":4,"slug":5,"slugs":5,"currentSlug":5,"title":6,"subtitle":7,"coverImagesSmall":8,"coverImages":9,"content":35,"questions":36,"relatedArticles":61,"body_color":185,"card_color":186},"114417",null,"PayPal Working Capital Breach Exposes 100 Sellers | Financing Risk Alert","- 6-month undetected vulnerability compromised SSNs and business data; sellers relying on PPWC financing face account takeover and phishing risks",[],[10,11,12,13,14,15,16,17,18,19,20,21,22,23,18,24,25,18,26,27,28,29,30,31,32,33,34],"https://phantom.estaticos-marca.com/ffe000b064dbfa7a5a09e18318c1045c/crop/0x0/2046x1364/resize/1200/f/webp/assets/multimedia/imagenes/2026/02/22/17717539962623.jpg","https://www.techdigest.tv/wp-content/uploads/2021/02/PayPal.jpeg","https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjw1CHysbF7giX7TZhAovXUheNu7-bD9eQ7dLsi2jYcCd7PdkZX3VTamOGxgx4h84PQHBRgmwYaRI1UPPr1XZq3kTD0DfWPGzMg_aKK-AcimgeWJIIg_gQ3lbVAPGvRx171_RNZ9oNLrX0eS9-NW9WdaRtGHXCdHSMqNXJH9r6brf8jhSpI2gYqi2OmcrPD/s16000/PayPal%20Data%20Breach%20(1).webp","https://news.google.com/api/attachments/CC8iK0NnNXpRM2swWmtKak1UQkVYMDlYVFJDTkF4akNCU2dLTWdZWlZvNUpLZ1k","https://jang.com.pk/assets/uploads/updates/2026-02-21/60366_2060086_paypalll_updates.jpg","https://i1.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsIKVTurYXBXxd-QVnzZStd3bc9TEded0y3Ul5hZxjchGYXAsFplVdlX49Ypa_6fEsWLLpazAnfd5Xq2vpOUXqYrfKmi5hvWK-odwBXeAqHj9ITsPKSbJtu1Dq7FIgGhCrMZAZRx8tvnE__MTnF7DyD-o6SH6FtO6zb9aeHoDf_vTNOFr2FHn9FYBQKjVj/s16000/PayPal%20Data%20Breach.webp?w=1600&resize=1600,900&ssl=1","https://d.ibtimes.co.uk/en/full/1760874/paypal-logo.png?w=736&f=e32b5e5b4583ca492423f2963d70ba6a","https://www.techzine.eu/wp-content/uploads/2026/02/paypal.jpg","https://imageio.forbes.com/specials-images/imageserve/6998717a172c877d38294fc7/PayPal-logo-on-smartphone--sitting-atop-a-keyboard-/0x0.jpg?format=jpg&width=480","https://cdn.businessday.ng/2021/03/Untitled-design-2021-03-16T164317.105.png","https://the420.in/wp-content/uploads/2026/02/paypal.jpeg","https://nigerianbulletin.com/attachments/paypal-ap-webp.251569/","https://www.filmogaz.com/uploads/images/202602/image_870x_699bb7bba3b43.webp","https://www.thenews.com.pk/assets/uploads/updates/2026-02-22/1393256_073211_updates.jpg","https://i0.wp.com/securityaffairs.com/wp-content/uploads/2013/05/hack-paypal.jpg?fit=650%2C366&ssl=1&resize=1280%2C720","https://www.geo.tv/assets/uploads/updates/2026-02-21/652146_9341749_updates.jpg","https://sqmagazine.co.uk/wp-content/uploads/2026/02/paypal-confirms-software-error-exposes-sensitive-data.jpg","https://media.licdn.com/dms/image/v2/D4E12AQEic1o63ytenQ/article-cover_image-shrink_720_1280/B4EZx8odi2IMAM-/0/1771617513958?e=2147483647&v=beta&t=v4RrFEoCxO0L_qA3UxZQxh9jD4De7HLqtDVGcfafH1g","https://www.bleepstatic.com/content/hl-images/2026/02/20/PayPal-headpic.jpg","https://www.cybersecurity-insiders.com/wp-content/uploads/Attack-6.jpeg","https://blog-meyka-wordpress.s3.us-east-2.amazonaws.com/wp-content/uploads/2026/02/featured_image-10455.png","https://www.gadgetpilipinas.net/wp-content/uploads/2026/02/PayPal-Data-Exposure-Incident-2025.jpg","https://cyberinsider.com/wp-content/uploads/2026/02/PayPal-notifies-PPWC-customers-of-five-month-long-data-breach.png","https://i0.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuibjupESTznfGjbREiXB4ZchsyXM1ZsZ1z_Z_Ri_jQJS-Nx8HMou8B7fBhVzFRJkerEV4X7_DEmkGPdMJVTuXEck51QbNwLzNdDVFXbI4aM5jpuKckN64rp7GOlsCJ-73d4RfAQlbufytP5iRg2ZIOB7KTAgYM4p0gJ8sK7IxyZSkwuL9gl2u4WN4r367/s1600/paypal%20data%20breach.webp?w=1600&resize=1600,900&ssl=1","https://www.racunalniske-novice.com/wp-content/uploads/2020/10/221020_paypal_crypto1.jpg","**PayPal's PayPal Working Capital (PPWC) loan platform suffered a critical data breach affecting approximately 100 small business users between July 1 and December 12, 2025—a six-month detection gap that exposed highly sensitive information including Social Security numbers, business addresses, email addresses, phone numbers, and dates of birth.** The vulnerability stemmed from a code change error in the PPWC application system, not PayPal's core infrastructure. A small subset of affected customers experienced unauthorized transactions, prompting PayPal to issue refunds and offer two years of complimentary credit monitoring through Equifax.\n\n**For cross-border e-commerce sellers, this incident creates immediate financing and cash flow risks.** Approximately 100 PPWC users—primarily small business sellers using PayPal's lending products for working capital—now face elevated exposure to targeted phishing attacks and identity theft. The exposed data (SSNs, business addresses) enables sophisticated social engineering attacks that can compromise seller accounts, disrupt inventory financing, and delay critical cash flow cycles. Sellers relying on PPWC for seasonal inventory purchases or cross-border expansion face potential account lockdowns during critical selling periods. The six-month detection gap raises serious questions about PayPal's security monitoring capabilities, particularly concerning for sellers managing multi-currency transactions and international payment flows.\n\n**This breach reflects broader fintech security vulnerabilities affecting seller financing ecosystems.** PayPal's history includes a 2023 credential stuffing attack affecting 434,942 accounts and multiple phishing campaigns in late 2025 exploiting PayPal's billing infrastructure. For sellers using PPWC as a primary financing source—particularly those in high-velocity categories like electronics, apparel, and home goods—account compromise could trigger immediate cash flow crises. The incident highlights critical gaps in change management processes and data protection practices within payment processor platforms. Sellers should immediately audit their PPWC account activity, implement multi-factor authentication, and consider diversifying financing sources across alternative providers (Stripe Capital, Square Loans, Amazon Lending) to reduce single-platform dependency.\n\n**Immediate financial implications for affected sellers include working capital disruption, potential unauthorized transaction losses, and increased fraud monitoring costs.** The breach also signals broader platform risk—if PayPal's application-level security contains vulnerabilities, other seller-facing products (PayPal Commerce Platform, PayPal Checkout) may face similar risks. Sellers managing cross-border payments through PayPal should evaluate alternative payment processors offering stronger security protocols and faster fraud detection. The incident underscores the importance of robust account security practices, regular monitoring for unauthorized activity, and maintaining backup financing relationships to ensure business continuity during security incidents.",[37,40,43,46,49,52,55,58],{"title":38,"answer":39,"author":5,"avatar":5,"time":5},"How long did PayPal take to detect the PPWC security vulnerability?","PayPal took six months to detect the vulnerability—from July 1, 2025, when unauthorized access began, until December 12, 2025, when the security team discovered the breach. The vulnerability resulted from a code change error in the PPWC application system. PayPal immediately rolled back the faulty code on December 13, 2025, and reset passwords for affected accounts. This six-month detection gap raises serious questions about PayPal's security monitoring capabilities and incident response procedures, particularly concerning for sellers managing time-sensitive cross-border transactions and seasonal inventory financing.",{"title":41,"answer":42,"author":5,"avatar":5,"time":5},"What alternative financing options should sellers consider after the PayPal breach?","Sellers should diversify financing sources to reduce dependency on PayPal PPWC, particularly given the platform's security history (2023 credential stuffing attack affecting 434,942 accounts, multiple 2025 phishing campaigns). Alternative providers include Stripe Capital (2-8% fee, 3-5 day funding), Square Loans (up to $250K, 3-6 month terms), Amazon Lending (for FBA sellers, 0% interest for 12 months), and traditional merchant cash advances (6-18% APR). Evaluate each provider's security protocols, fraud detection speed, and account recovery procedures before committing working capital to a single platform.",{"title":44,"answer":45,"author":5,"avatar":5,"time":5},"How does the PayPal PPWC breach affect sellers using the platform for inventory financing?","The breach exposed approximately 100 PPWC users' Social Security numbers, business addresses, and personal data over a six-month period (July-December 2025), creating immediate risk for account takeover and unauthorized transactions. Sellers relying on PPWC for working capital face potential account lockdowns during critical selling seasons, disrupting cash flow cycles and inventory purchases. PayPal confirmed unauthorized transactions on a small subset of accounts and issued refunds, but sellers should immediately enable multi-factor authentication, monitor account activity daily, and consider diversifying financing sources across Stripe Capital, Square Loans, or Amazon Lending to reduce single-platform dependency.",{"title":47,"answer":48,"author":5,"avatar":5,"time":5},"What specific seller information was compromised in the PayPal data breach?","The PayPal Working Capital platform exposed names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth for approximately 100 affected customers. This combination of data enables sophisticated targeted phishing attacks and identity theft specifically designed for small business owners. The exposure of business addresses creates particular risk for location-based social engineering attacks. Affected sellers should enroll in the complimentary two-year credit monitoring service through Equifax and monitor their business credit reports for fraudulent account applications or loan requests.",{"title":50,"answer":51,"author":5,"avatar":5,"time":5},"What does PayPal's history of security incidents suggest about platform reliability?","PayPal's security track record raises significant concerns: 2023 credential stuffing attack (434,942 accounts), multiple phishing campaigns in late 2025 exploiting PayPal's billing features and legitimate infrastructure, and now the PPWC application-level vulnerability (6-month detection gap). This pattern suggests systemic gaps in change management, code review processes, and security monitoring. For sellers managing critical cash flow through PayPal, this history indicates elevated risk of future incidents. Implement strict account monitoring, maintain backup financing relationships, and consider gradually shifting payment processing to providers with stronger security certifications (SOC 2 Type II, ISO 27001) and faster incident response times.",{"title":53,"answer":54,"author":5,"avatar":5,"time":5},"What is the timeline for PayPal's security remediation and seller notification?","PayPal detected the vulnerability on December 12, 2025, and immediately rolled back the faulty code on December 13, 2025. Breach notification letters were dated February 10, 2026, indicating a two-month notification delay after remediation. PayPal terminated the attacker's access, reset passwords for affected accounts, and offered two years of complimentary credit monitoring through Equifax. Sellers should have received notification if their accounts were affected. PayPal recommends all users implement multi-factor authentication immediately and monitor accounts for suspicious activity going forward.",{"title":56,"answer":57,"author":5,"avatar":5,"time":5},"What immediate security actions should PPWC sellers take following this breach?","Affected sellers should immediately: (1) Enable multi-factor authentication on PayPal accounts within 24 hours, (2) Reset passwords using a unique, 16+ character combination, (3) Monitor account activity daily for unauthorized transactions, (4) Enroll in Equifax's complimentary two-year credit monitoring service, (5) Review recent PPWC loan applications and funding transfers for anomalies, (6) Monitor business credit reports for fraudulent loan applications, (7) Set up fraud alerts with credit bureaus, and (8) Consider shifting 20-30% of working capital needs to alternative financing providers to reduce PayPal exposure during the incident response period.",{"title":59,"answer":60,"author":5,"avatar":5,"time":5},"How does this breach impact cross-border sellers managing multi-currency transactions?","Cross-border sellers using PayPal for both PPWC financing and international payment processing face compounded risk. Account compromise could trigger simultaneous disruptions: (1) PPWC loan access suspension during account recovery, (2) payment processing delays affecting customer refunds and chargebacks, (3) currency conversion delays impacting FX arbitrage opportunities, and (4) potential holds on international transfers. Sellers should immediately audit their PayPal account for unauthorized currency conversions or international transfers, verify all connected bank accounts and payment methods, and establish backup payment processors (Wise, Stripe, 2Checkout) for cross-border transactions to ensure business continuity.",[62,67,72,76,80,85,89,93,97,101,105,109,113,117,122,125,129,133,137,141,145,149,153,157,161,165,169,173,177,181],{"id":63,"title":64,"source":65,"logo":5,"time":66},463838,"PayPal says cyber incident left Social Security numbers exposed for months","https://cybernews.com/security/paypal-six-month-breach-ssn-working-capital-app/","3天前",{"id":68,"title":69,"source":70,"logo":10,"time":71},463779,"Millions at risk? PayPal confirms cyberattack and resets passwords","https://www.marca.com/en/lifestyle/us-news/personal-finance/2026/02/22/699acefeca474135238b458a.html","2天前",{"id":73,"title":74,"source":75,"logo":18,"time":71},463836,"PayPal Data Breach Confirmed—Money Was Stolen, Passwords Now Reset","https://www.forbes.com/sites/daveywinder/2026/02/22/paypal-confirms-data-breach---money-stolen-passwords-reset/",{"id":77,"title":78,"source":79,"logo":5,"time":66},463837,"PayPal Flaw Exposed Email Addresses, Social Security Numbers for 6 Months","https://www.techrepublic.com/article/news-paypal-working-capital-data-exposure-2025/",{"id":81,"title":82,"source":83,"logo":17,"time":84},463797,"PayPal leaked sensitive data for six months due to software error","https://www.techzine.eu/news/security/138969/paypal-leaked-sensitive-data-for-six-months-due-to-software-error/","4天前",{"id":86,"title":87,"source":88,"logo":15,"time":84},463798,"PayPal Data Breach Exposes SSNs and Business PII of Customers for Over Six Months","https://cybersecuritynews.com/paypal-data-breach-expose-customer-data/",{"id":90,"title":91,"source":92,"logo":30,"time":71},463777,"PYPL Stock Today: February 22 — Data Breach Limited to ~100 Accounts","https://meyka.com/blog/pypl-stock-today-february-22-data-breach-limited-to-100-accounts-2202/",{"id":94,"title":95,"source":96,"logo":28,"time":84},463799,"PayPal discloses data breach that exposed user info for 6 months","https://www.bleepingcomputer.com/news/security/paypal-discloses-data-breach-exposing-users-personal-information/",{"id":98,"title":99,"source":100,"logo":23,"time":71},463778,"PayPal data breach exposed sensitive user data for six-month period; what you need to know","https://www.thenews.com.pk/latest/1393256-paypal-data-breach-exposed-sensitive-user-data-for-six-month-period-what-you-need-to-know",{"id":102,"title":103,"source":104,"logo":32,"time":84},463793,"PayPal notifies PPWC customers of five-month-long data breach","https://cyberinsider.com/paypal-notifies-ppwc-customers-of-five-month-long-data-breach/",{"id":106,"title":107,"source":108,"logo":29,"time":84},463794,"PayPal becomes victim to data breach leaking users Social Security Numbers","https://www.cybersecurity-insiders.com/paypal-becomes-victim-to-data-breach-leaking-users-social-security-numbers/",{"id":110,"title":111,"source":112,"logo":12,"time":84},463795,"PayPal Data Breach – Customers Names, SSNs, and Dates of Birth Exposed","https://cyberpress.org/paypal-data-breach/",{"id":114,"title":115,"source":116,"logo":18,"time":84},463796,"PayPal Confirms Data Breach — Money Stolen, Passwords Reset","https://www.forbes.com/sites/daveywinder/2026/02/20/paypal-confirms-data-breach---money-stolen-passwords-reset/",{"id":118,"title":119,"source":120,"logo":22,"time":121},464493,"PayPal Data Breach Working Capital: Coding Error Exposed SSNs for Six Months","https://www.filmogaz.com/163180","1天前",{"id":123,"title":74,"source":124,"logo":18,"time":66},463780,"https://www.forbes.com/sites/daveywinder/2026/02/21/paypal-confirms-data-breach---money-stolen-passwords-reset/",{"id":126,"title":127,"source":128,"logo":11,"time":66},463781,"PayPal confirms data breach, OpenAI considered alerting police about shooter","https://www.techdigest.tv/2026/02/paypal-confirms-data-breach-openai-considered-alerting-police-about-shooter.html",{"id":130,"title":131,"source":132,"logo":14,"time":66},463786,"PayPal data breach: Here's what you need to know about cyber attack","https://jang.com.pk/en/60366-paypal-data-breach-heres-what-you-need-to-know-news",{"id":134,"title":135,"source":136,"logo":16,"time":121},465426,"PayPal Security Breach: Millions at Risk","https://www.ibtimes.co.uk/paypal-data-breach-exposes-sensitive-user-information-1780867",{"id":138,"title":139,"source":140,"logo":27,"time":66},463787,"REVEALED: PayPal Exposed Sensitive User Data For Six-Month Period","https://www.linkedin.com/pulse/revealed-paypal-exposed-sensitive-user-data-six-month-xxxbe",{"id":142,"title":143,"source":144,"logo":31,"time":121},465425,"PayPal Reveals Prolonged Sensitive Data Exposure Incident in 2025","https://www.gadgetpilipinas.net/2026/02/paypal-data-exposure-2025/",{"id":146,"title":147,"source":148,"logo":26,"time":66},463788,"PayPal Confirms Software Error Exposes Sensitive Data","https://sqmagazine.co.uk/paypal-software-error-sensitive-data-breach/",{"id":150,"title":151,"source":152,"logo":24,"time":66},463789,"PayPal discloses extended data leak linked to Loan App glitch","https://securityaffairs.com/188309/data-breach/paypal-discloses-extended-data-leak-linked-to-loan-app-glitch.html",{"id":154,"title":155,"source":156,"logo":34,"time":66},465427,"PayPal confirms data breach. Money stolen and user passwords reset!","https://www.racunalniske-novice.com/en/paypal-confirms-data-breach-money-stolen-and-user-passwords-reset/",{"id":158,"title":159,"source":160,"logo":25,"time":66},463782,"PayPal data breach confirmed: Users urged to reset passwords","https://www.geo.tv/latest/652146-paypal-data-breach-confirmedusers-urged-to-reset-passwords",{"id":162,"title":163,"source":164,"logo":21,"time":66},463783,"PayPal Confirms Data Breach, Says Money Stolen From Some Accounts","https://nigerianbulletin.com/ams/paypal-confirms-data-breach-says-money-stolen-from-some-accounts.24766/",{"id":166,"title":167,"source":168,"logo":20,"time":66},463784,"PayPal Data Breach: Customer Information Exposed, Passwords Reset And Unauthorized Transactions Confirmed","https://the420.in/paypal-working-capital-data-breach-ssn-exposure-2026/",{"id":170,"title":171,"source":172,"logo":19,"time":66},463785,"PayPal confirms data exposure triggered forced password reset","https://businessday.ng/technology/article/paypal-confirms-data-exposure-triggered-forced-password-reset/",{"id":174,"title":175,"source":176,"logo":5,"time":66},463790,"PayPal Flaw Exposed Sensitive Data in Lending App for Six Months","https://www.esecurityplanet.com/threats/paypal-flaw-exposed-sensitive-data-in-lending-app-for-six-months/",{"id":178,"title":179,"source":180,"logo":13,"time":84},463791,"PayPal Warns Of Exposed Social Security Numbers In 6-Month Data Breach","https://hothardware.com/news/paypal-warns-of-exposed-social-security-numbers-in-6-month-data-breach",{"id":182,"title":183,"source":184,"logo":33,"time":84},463792,"PayPal Data Breach – 6 Months of Users’ Data Leaked Online","https://gbhackers.com/paypal-data-breach-2026/","#07f465ff","#07f4654d",1771986678197]