- People are roasting this ‘traditional’ take on marriage with a hilarious meme Saturday 5:17 PM
- The internet just collectively realized that the Neopets of the world must be hungry Saturday 4:00 PM
- Alt-right message board 8chan was served a search warrant Saturday 3:06 PM
- O.J. Simpson just joined Twitter in the most bizarre fashion Saturday 1:20 PM
- Prominent phone-hacking firm says it can unlock any iPhone for law enforcement Saturday 12:39 PM
- Hundreds of police officers belong to extremist Facebook groups, investigation finds Saturday 9:31 AM
- How to watch Tyson Fury vs. Tom Schwarz online Saturday 8:00 AM
- ‘Late Night’ is a disappointing, tepid comedy Saturday 7:00 AM
- How to stream ‘Love It or List It’ for free Saturday 7:00 AM
- How to watch the 2019 Concacaf Gold Cup online for free Saturday 6:55 AM
- Borderlands 3 preview suggests the aging series can still hang with the cool kids Saturday 6:30 AM
- How to stream the 2019 College World Series for free Saturday 6:00 AM
- Police try to solve domestic violence by giving victims blunt kitchen knives Friday 5:40 PM
- Privacy activist Ola Bini detained for 2 months in Ecuador without charges Friday 5:01 PM
- Twitter says suspending ‘God’ for a pro-LGBTQ tweet was an ‘error’ Friday 4:14 PM
Financial service company left 885 million private records exposed online
A major financial service company left hundreds of millions of private records unsecured online, exposing everything from Social Security numbers to drivers license images.
Shoval had found that anyone with a link to a document on the site could simply change a single digit in the URL to view other hosted files.
Analysis from Krebs on Security found that a total of 885 million documents, spanning as far back as 2003, could be accessed. The files included everything from bank account numbers and statements to wire transfer receipts and tax records.
Prior to releasing the story, Krebs on Security founder Brian Krebs described the incident as a “truly massive–possibly superlative–sensitive data exposure.”
After becoming aware of the issue, First American Corporation stated that it had “shut down external access to the application” on Friday.
“First American has learned of a design defect in an application that made possible unauthorized access to customer data,” the company said in a statement. “At First American, security, privacy, and confidentiality are of the highest priority and we are committed to protecting our customers’ information.”
The company added that it was “evaluating what effect, if any, this had on the security of customer information” and later told the Verge that a third-party forensics group had been hired to determine whether the data was accessed.
The California-based First American Corporation is said to employ more than 18,000 people and bring in billions in profits annually.
- Senator proposes Do Not Track bill to allow consumers to opt out of data gathering
- Tumblr security bug could have exposed users’ private data
- How to protect yourself from identity theft on the dark web
- Where do 2020 Democratic candidates stand on internet privacy?
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.