Real estate title firm reportedly has closed a hole in its website that had left hundreds of millions of real estate tile insurance files accessible without authentication, according to KrebsOnSecurity.

Dark Reading Staff, Dark Reading

May 25, 2019

1 Min Read

The website of real estate title insurance company First American Financial Corp. left exposed bank account statements, mortgage and tax information, Social Security numbers, wire transaction receipts, and driver's license images, KrebsOnSecurity reported today.

Access to some 885 million mortgage-related files dating back to 2003 did not require authentication — a security hole first spotted by a real estate developer who alerted KrebsOnSecurity about the issue on firstam.com. The exposed website was disabled as of 2 p.m. ET today, according to KrebsOnSecurity.

First American sent this statement to the news site: "First American has learned of a design defect in an application that made possible unauthorized access to customer data. At First American, security, privacy and confidentiality are of the highest priority and we are committed to protecting our customers' information. The company took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed."

Read more here.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights