The website of First American Financial Corp exposed hundreds of millions of sensitive documents online, including mortgage data.
What happened?
Ben Shoval, a real estate developer in Washington state, notified KrebsOnSecurity about firstam.com, a part of First American’s website that was leaking millions of sensitive records.
According to Shoval, anyone who knew the URL for a valid document at the firstam.com website could view other documents by simply modifying a single digit in the link.
The real estate developer also shared a document link that he had received from First American in a recent transaction. The link referenced a 9-digit record number that was dated April 2019. Changing the document number in the link to other numbers yielded other people’s records.
KrebsOnSecurity verified Shoval’s findings and confirmed that the website has exposed approximately 885 million files, the earliest dating back more than 16 years.
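The behaviour described above, where the record number in the link is the only thing checked, is shown below next to a version that checks the caller against each record and counts denied lookups. This is an added example, not First American's code; the record numbers, account names and the denial threshold are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Document:
    doc_id: int
    body: str
    parties: frozenset  # accounts allowed to read this record

# Constructed sample records with sequential numbers, as in the flaw above.
STORE = {
    100000075: Document(100000075, "closing file A", frozenset({"alice"})),
    100000076: Document(100000076, "closing file B", frozenset({"bob"})),
    100000077: Document(100000077, "closing file C", frozenset({"carol"})),
}

class NotFound(Exception):
    """Raised for missing AND unauthorized records, so a response does not
    confirm which record numbers exist."""

def fetch_vulnerable(doc_id: int) -> str:
    # Only the number from the link is consulted; no caller identity at all.
    doc = STORE.get(doc_id)
    if doc is None:
        raise NotFound(doc_id)
    return doc.body

@dataclass
class HardenedService:
    deny_limit: int = 3  # assumed alert threshold, tune per deployment
    denials: dict = field(default_factory=dict)

    def fetch(self, user, doc_id: int) -> str:
        doc = STORE.get(doc_id)
        # Object-level authorization: the caller must be authenticated and
        # must be a party to this specific record.
        if user is None or doc is None or user not in doc.parties:
            if user is not None:
                self.denials.setdefault(user, set()).add(doc_id)
            raise NotFound(doc_id)
        return doc.body

    def flagged(self) -> list:
        # Accounts denied on many distinct record numbers: the pattern that
        # stepping through document numbers leaves behind.
        return sorted(u for u, ids in self.denials.items()
                      if len(ids) >= self.deny_limit)
```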
What data was exposed?
What actions are being taken?
“First American has learned of a design defect in an application that made possible unauthorized access to customer data. At First American, security, privacy and confidentiality are of the highest priority and we are committed to protecting our customers’ information,” a spokesperson for First American said.