First American, the largest real estate title insurance company in the United States, has just won an awful silver medal. An ongoing data leak at the company appears to have exposed the transaction records of about 900 million customers, which would make it the second-largest data breach in history, behind the 3 billion accounts affected by the Yahoo! hack of 2013.
The news was brought to light by a report from Brian Krebs of KrebsOnSecurity, which stated that the documents involved mortgage deals dating back 16 years to 2003. The leaked documents also included bank account numbers and transaction records, driver's licence images, Social Security numbers, tax records and more.
Moreover, it has been learnt that the data leak was not the result of a phishing scam or an insecure Amazon bucket. It seems that First American failed to properly secure the unique URLs to the leaked documents: it used a sequential system, allowing anyone to access customer information by simply entering the right URL into a web browser. The leak was not discovered by security researchers, nor did it appear on the dark web. Instead, it was detected by Ben Shoval, a real estate developer from the state of Washington. He noticed that simply raising or lowering a single digit in a document URL that had been sent to him brought up documents full of sensitive data belonging to other people. Shoval attempted to bring the issue to the attention of First American but, receiving no response, turned to Krebs for help.
At least 885 million documents were available during the vulnerability window. Following the data leak, the company has disabled the leaky URLs.
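The flaw described above, a sequential document number acting as the only key to a record, is shown here beside a hardened lookup that uses unguessable references and checks ownership on every request. This is an added example, not First American's code; the record contents, user names and function names are hypothetical.

```python
import secrets

# Constructed sample records; IDs, owners and contents are hypothetical.
DOCS = {
    1001: {"owner": "alice", "body": "closing statement for alice"},
    1002: {"owner": "bob", "body": "wire instructions for bob"},
}

def fetch_vulnerable(doc_id):
    """Pattern from the article: the number in the URL is the only key."""
    doc = DOCS.get(doc_id)
    return doc["body"] if doc else None

class DocumentStore:
    """Hardened variant: random references plus a per-request owner check."""

    def __init__(self):
        self._by_ref = {}

    def add(self, owner, body):
        ref = secrets.token_urlsafe(32)  # 256 random bits, not a counter
        self._by_ref[ref] = {"owner": owner, "body": body}
        return ref

    def fetch(self, ref, session_user):
        doc = self._by_ref.get(ref)
        # Same answer for "no such document" and "not yours", so responses
        # do not reveal which references exist.
        if doc is None or session_user is None or doc["owner"] != session_user:
            return None
        return doc["body"]

def demo():
    store = DocumentStore()
    alice_ref = store.add("alice", "closing statement for alice")
    bob_ref = store.add("bob", "wire instructions for bob")
    return {
        "vuln_neighbor": fetch_vulnerable(1002),         # no login required
        "owner_read": store.fetch(alice_ref, "alice"),   # allowed
        "cross_read": store.fetch(bob_ref, "alice"),     # valid ref, wrong user
        "anon_read": store.fetch(alice_ref, None),       # no session
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The random reference only makes guessing impractical; the ownership check is what stops a forwarded or leaked link from exposing another customer's file.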