Nearly 885 million records of mortgage paperwork and bank details have been exposed. As a prominent financial service company- First American Financial Corporation has left all of these records open and exposed on its website. The records go all the way back to 2003.
Cybersecurity researcher Brian Krebs revealed the major flaw of the Corp’s website. The flaw was a massive one and anyone could access it- with just the URL or by changing a number in it to access more docs. And when a company is primarily dealing with financial matters, the exposed records and data are extremely private information. According to Krebs, account statements, social security numbers, driver’s licenses, and other internal documents were left open and exposed.
Once the report went online, First American has shut down the defect in the website. There is still no information if any of the exposed data was misused or breached. In a statement to Krebs, First American Financial said, “The company took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed.”
The company has also hired a third-party team to look into the complete issue. When the URLs aren’t protected with strong passwords, you can actually access a lot of information. And when the company has left it open and unprotected for as long as 16 years, it’s “truly a massive” data breach.