According to security publication KrebsOnSecurity, records such as bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images were available without authentication to anyone with a Web browser.
Approximately 885 million files were exposed, and many of them are records of wire transactions with bank account numbers and other information from home or property buyers and sellers.
The online publication added that First American wouldn’t comment on the overall number of records potentially exposed via their site, or how long those records were publicly available. However, a spokesperson for the company said “took immediate action to address the situation and shut down external access to the application”.
Brian Krebs emphasised that these documents were merely available from First American’s Web site and that he does not have any information to suggest the documents were somehow mass-harvested. Nevertheless, the information exposed by First American could be a virtual gold mine for phishers and scammers involved in so-called Business Email Compromise (BEC) scams.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.