BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

First American site bug exposed 885 million sensitive title insurance records

From: Richard Forno <rforno () infowarrior org>
Date: Fri, 24 May 2019 18:31:45 -0400
First American site bug exposed 885 million sensitive title insurance records

News just in from security reporter Brian Krebs: Fortune 500 real estate insurance giant First American exposed 
approximately 885 million sensitive records because of a bug in its website.

Krebs reported that the company’s website was storing and leaking bank account numbers, statements, mortgage and tax 
records, Social Security numbers and driving license images in a sequential format — so anyone who knew a valid web 
address for a document simply had to change the address by one digit to view other documents, he said.

There was no authentication required — such as a password or other checks — to prevent access to other documents.

According to Krebs’ report, the earliest document was labeled “000000075” — with newer documents increasing in 
numerical order, he said.

The data goes back at least to 2003, said Krebs.......

< - >

https://techcrunch.com/2019/05/24/first-american-millions-sensitive-records/

_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange
Previous By Date Next
Previous By Thread Next

Current thread: