According to security publication KrebsOnSecurity, records such as bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images were available without authentication to anyone with a Web browser.
Approximately 885 million files were exposed, and many of them are records of wire transactions with bank account numbers and other information from home or property buyers and sellers.
The online publication added that First American wouldn’t comment on the overall number of records potentially exposed via their site, or how long those records were publicly available. However, a spokesperson for the company said “took immediate action to address the situation and shut down external access to the application”.
Brian Krebs emphasised that these documents were merely available from First American’s Web site and that he does not have any information to suggest the documents were somehow mass-harvested. Nevertheless, the information exposed by First American could be a virtual gold mine for phishers and scammers involved in so-called Business Email Compromise (BEC) scams.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now