[BreachExchange] First American site bug exposed 885 million sensitive title insurance records
Richard Forno
rforno at infowarrior.org
Fri May 24 18:31:45 EDT 2019
First American site bug exposed 885 million sensitive title insurance records
News just in from security reporter Brian Krebs: Fortune 500 real estate insurance giant First American exposed approximately 885 million sensitive records because of a bug in its website.
Krebs reported that the company’s website was storing and leaking bank account numbers, statements, mortgage and tax records, Social Security numbers and driving license images in a sequential format — so anyone who knew a valid web address for a document simply had to change the address by one digit to view other documents, he said.
There was no authentication required — such as a password or other checks — to prevent access to other documents.
According to Krebs’ report, the earliest document was labeled “000000075” — with newer documents increasing in numerical order, he said.
The data goes back at least to 2003, said Krebs.......
< - >
https://techcrunch.com/2019/05/24/first-american-millions-sensitive-records/
More information about the BreachExchange
mailing list