- Netflix’s ‘Eye for an Eye’ is a fun but messy thriller about revenge 8 Months Ago
- Which 2020 Democratic candidates post the most cringe? 8 Months Ago
- The new ‘Hunger Games’ book paints President Snow as a hero—and people are not happy Tuesday 9:03 PM
- Influencer called out for ‘troubling image’ with Kenyan child Tuesday 8:18 PM
- Professor arrested for spending $185K of grant money on iTunes and strippers Tuesday 7:28 PM
- Man cuts his books in half to make them ‘portable,’ spurs online debate Tuesday 6:09 PM
- Fans defend Lana Del Rey after she was mocked for flying commercial Tuesday 5:10 PM
- Lady Gaga fans find alleged new song name in her website’s code Tuesday 4:42 PM
- Barstool Sports deletes anti-union tweets, blog post in settlement Tuesday 3:47 PM
- The ‘can have … as a treat’ meme has come full circle Tuesday 3:09 PM
- Joe Rogan says he’s voting for Bernie Sanders Tuesday 2:54 PM
- Woman spots mole in man’s TikTok video, saves him from cancer Tuesday 2:17 PM
- ‘You’ star confirms his character is queer and ‘never will be’ straight Tuesday 1:08 PM
- This Twitch streamer pooped his pants during a broadcast Tuesday 12:17 PM
- Apple’s iCloud encryption plan halted amid FBI pressure, report Tuesday 10:57 AM
A major financial service company left hundreds of millions of private records unsecured online, exposing everything from Social Security numbers to drivers license images.
Shoval had found that anyone with a link to a document on the site could simply change a single digit in the URL to view other hosted files.
Analysis from Krebs on Security found that a total of 885 million documents, spanning as far back as 2003, could be accessed. The files included everything from bank account numbers and statements to wire transfer receipts and tax records.
Prior to releasing the story, Krebs on Security founder Brian Krebs described the incident as a “truly massive–possibly superlative–sensitive data exposure.”
After becoming aware of the issue, First American Corporation stated that it had “shut down external access to the application” on Friday.
“First American has learned of a design defect in an application that made possible unauthorized access to customer data,” the company said in a statement. “At First American, security, privacy, and confidentiality are of the highest priority and we are committed to protecting our customers’ information.”
The company added that it was “evaluating what effect, if any, this had on the security of customer information” and later told the Verge that a third-party forensics group had been hired to determine whether the data was accessed.
The California-based First American Corporation is said to employ more than 18,000 people and bring in billions in profits annually.
- Senator proposes Do Not Track bill to allow consumers to opt out of data gathering
- Tumblr security bug could have exposed users’ private data
- How to protect yourself from identity theft on the dark web
- Where do 2020 Democratic candidates stand on internet privacy?
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.