BreachExchange mailing list archives
First American site bug exposed 885 million sensitive title insurance records
From: Richard Forno <rforno () infowarrior org>
Date: Fri, 24 May 2019 18:31:45 -0400
First American site bug exposed 885 million sensitive title insurance records News just in from security reporter Brian Krebs: Fortune 500 real estate insurance giant First American exposed approximately 885 million sensitive records because of a bug in its website. Krebs reported that the company’s website was storing and leaking bank account numbers, statements, mortgage and tax records, Social Security numbers and driving license images in a sequential format — so anyone who knew a valid web address for a document simply had to change the address by one digit to view other documents, he said. There was no authentication required — such as a password or other checks — to prevent access to other documents. According to Krebs’ report, the earliest document was labeled “000000075” — with newer documents increasing in numerical order, he said. The data goes back at least to 2003, said Krebs....... < - > https://techcrunch.com/2019/05/24/first-american-millions-sensitive-records/ _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- First American site bug exposed 885 million sensitive title insurance records Richard Forno (May 28)