First American Financial Corp is a Fortune 500 company that insures titles on peoples’ property; their insecure website exposed 885,000,000 records for property titles, going back 16 years, including bank accounts (with scanned statements), Social Security numbers, wire transaction receipts, scanned drivers’ licenses, tax records, mortgage records, etc — when notified of the error, the company (which employs 18,000 people and grossed more than $5.7B last year) closed the misconfiguration.
It’s not clear whether or which records were compromised.
The error was in the company’s customer portal, which anyone who ever closed a real-estate purchase mediated by First American would have accessed. All it took to gain access to other peoples’ records was to change the customer number in the portal, adding or subtracting one to step through every customer on file, back to 2003.
KrebsOnSecurity confirmed the real estate developer’s findings, which indicate that First American’s Web site exposed approximately 885 million files, the earliest dating back more than 16 years. No authentication was required to read the documents.
Many of the exposed files are records of wire transactions with bank account numbers and other information from home or property buyers and sellers. Ben Shoval, the developer who notified KrebsOnSecurity about the data exposure, said that’s because First American is one of the most widely-used companies for real estate title insurance and for closing real estate deals — where both parties to the sale meet in a room and sign stacks of legal documents.
“Closing agencies are supposed to be the only neutral party that doesn’t represent someone else’s interest, and you’re required to have title insurance if you have any kind of mortgage,” Shoval said.
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records [Brian Krebs/Krebs on Security]
(via The Verge)
A new study reported in Nature (Sci-Hub mirror) tracks down the origins of the mysterious rise in CFC-11, a banned ozone-depleting greenhouse gas whose rise was first reported a year ago, and blames the increase on manufacturing in eastern China.
Mark Zuckerberg offered to let Chinese premier Xi Jinping name his firstborn (seriously), Apple purged the Chinese App Store of privacy tools at the request of the politburo; Google secretly built a censoring search-engine for use in China, but America’s Big Tech companies are sounding the alarm that they will no longer be able to […]
Mountain View — home to some of Silicon Valley’s most profitable companies, including Google — is one of the most expensive places in the world to live, thanks to the sky-high wages commanded by techies, who have gone on to bid up all the real-estate in the region.
If you’re into tools or gadgets, Memorial Day weekend is your Christmas. Take an extra 15% off the final price of these DIY accessories – all of which are already on sale – by entering the promo code WEEKEND15. LUXJET Universal 24-in-1 Magnetic Screwdriver Set & Repair Kit This small but sturdy kit won the […]
If you can build a cloud infrastructure, you can build a business. Companies are overwhelmingly turning to cloud computing to set up or bolster their network, and it’s easy to see why. It allows on-demand access to processing power, a la carte services, and nearly unlimited storage, all without adding extra systems and the maintenance […]
Does your gaming setup need an upgrade? No need to wait for Christmas. We’ve rounded up the latest tech accessories for your favorite video game platforms. All of them are already sale priced, but you can knock an additional 15% off the final price for Memorial Day by using the online code WEEKEND15. Audeze Mobius […]