Tech
Data of millions of clients of U.S insurance company left unprotected
A website for a major title insurance company exposed hundreds of millions of records including bank account information, Social Security numbers, images of drivers’ licenses and mortgage and tax records, security expert Brian Krebs found.
First American Financial, which serves as a neutral party to help finalize real estate transactions, left approximately 885 million exposed to anyone who had the correct URL, Krebs found. No password was needed, just a web browser.
The information was secured on Friday, and it’s unclear if fraudsters accessed or abused the data before it was taken down.
A real estate developer reportedly alerted Krebs to the problem after he noticed he could access sensitive documents on the First American website by altering the string of digits at the end of a URL. The earliest document identified was from 2003 and the data included records through 2019.
Read also: Japan’s maiden commercially developed rocket reaches outer space for the first time
In a statement, First American said it fixed the problem.
“We are currently evaluating what effect, if any, this had on the security of customer information,” the company said. “We have hired an outside forensic firm to assure us that there has not been any meaningful unauthorized access to our customer data.”
The flaw is another example of how organizations can leak sensitive data through basic errors. On Tuesday, Google revealed findings it had been inadvertently storing some user passwords in plaintext, eschewing the industry standard practice of encrypting login credentials.
And on Wednesday, a researcher detailed how Instagram had been including personal contact information for users in its website’s source code.
Join the conversation
Support Ripples Nigeria, hold up solutions journalism
Balanced, fearless journalism driven by data comes at huge financial costs.
As a media platform, we hold leadership accountable and will not trade the right to press freedom and free speech for a piece of cake.
If you like what we do, and are ready to uphold solutions journalism, kindly donate to the Ripples Nigeria cause.
Your support would help to ensure that citizens and institutions continue to have free access to credible and reliable information for societal development.
German Police bust alleged Nigerian scam dating ring
German authorities have arrested eleven individuals suspected of being members of a Nigerian mafia group involved in a large-scale dating...
INVESTIGATION: In Kwara, multimillion-naira milk processing plant is abandoned, converted to a chicken outlet
After the government spent millions of naira to establish a milk processing plant in Kwara State that would provided jobs...
SPECIAL REPORT: For Sokoto communities, promise of healthcare is akin to death sentence
In this story, ABDULRASHEED HAMMAD delves into the dire realities of Primary Health Care services in Sokoto State, shedding light...
ICYMI…SPECIAL REPORT: NNPCL hides behind PIA to frustrate disclosure, accountability
Nigeria’s major oil company, Nigerian National Petroleum Corporation Limited (NNPCL), in what appears to be a common practice of disregard...
INVESTIGATION: Multi-million naira Ekiti resort center remains uncompleted a decade after
The multimillion-naira project, expected to comprise recreational buildings, now consists of cassava farmland, a bush used for excretion, and a...