News just in from security reporter Brian Krebs: Fortune 500 real estate insurance giant First American exposed approximately 885 million sensitive records because of a bug in its website.
Krebs reported that the company’s website was storing and exposing bank account numbers, statements, mortgage and tax records, Social Security numbers and driving license images in a sequential format — so anyone who knew a valid web address for a document simply had to change the address by one digit to view other documents, he said.
There was no authentication required — such as a password or other checks — to prevent access to other documents.
According to Krebs’ report, the earliest document was labeled “000000075” — with newer documents increasing in numerical order, he said.
The data goes back at least to 2003, said Krebs.
“Many of the exposed files are records of wire transactions with bank account numbers … Read the rest