First American Financial left 885 million records exposed via insecure URLs

Brian Krebs has revealed that a company that primarily works in real estate insurance has left as many as 885 million records exposed on its website — going back to 2003. First American Financial Corp’s big mistake should have been obvious to anybody who would have given a second thought to security. If you had the URL for any document on its website, you could simply add or subtract one to a number in the URL to access another document.

Given the type of business this company is in, those records include incredibly private information. Krebs spoke with Ben Shoval, who brought the exposure to his attention and who says the documents potentially included “Social Security numbers, drivers licenses, account statements, and even internal…

Continue reading…

from The Verge – All Posts http://bit.ly/2wigFFN
via IFTTT