Monday, December 4, 2023

First American Leaked 885 Million Most Sensitive Financial Data Online

By Balaji

First American Leaked 885 Million Most Sensitive Financial Data Online

First American Financial Corp, a U.S based financial services company leaked Hundreds of Million of Most sensitive records online that related to real estate and mortgage industries.

First American Fin corp is one of the oldest company the U.S and the company running its operation nearly 130 years with the core services of real property records and image, valuation products and services, home warranty products, property and casualty insurance, and banking, trust, and investment advisory services, etc.

Leaked data includes some of the highly sensitive data such as mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images, bank account numbers and statements.

Most importantly, Due to the lacking of security measures, the data were available to access anyone through the browser without any authentication.

Ben Shoval, A Real Estate developer recently uncovered the portion of First American owned web firstam.com that leaked hundreds of millions of records.

He reported to kerbs that says, “anyone who knew the URL for a valid document at the Web site could view other documents just by modifying a single digit in the link.

After the Further investigation, Kerbs confirms that the First American’s Web site exposed approximately 885 million files, the earliest dating back more than 16 years.

Tons of Exposed files contain some of the sensitive financial records, including the data about the wire transactions with bank account numbers and other information from home or property buyers and sellers.

Ben said. “The title insurance agency collects all kinds of documents from both the buyer and seller, including Social Security numbers, drivers licenses, account statements, and even internal corporate documents if you’re a small business. You give them all kinds of private information and you expect that to stay private.”

First American released a statement that says, “First American has learned of a design defect in an application that made possible unauthorized access to customer data.  At First American, security, privacy, and confidentiality are of the highest priority and we are committed to protecting our customers’ information. The company took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect if any, this had on the security of customer information. We will have no further comment until our internal review is completed.”

It’s unclear how long the data were being in the online left open to access by anyone and any attacker stolen this First American’s financial information.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

49 Million Instagram Influencers, Celebrities Personal Data Leaked Online

Box Data Leak – Terabytes of Data Exposed from Companies Using cloud based Box Accounts

SBI Data Leak – Millions of Customers Data Leaked From Unsecured Server

NASA Data Leak – Internal App Leaked NASA Staff and Project Sensitive data

Managed WAF Protection

Website

Latest articles

cyber security

Hackers Use Weaponized Documents to Attack U.S. Aerospace Industry

An American aerospace company has been the target of a commercial cyberespionage campaign dubbed...
Chrome

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...
CVE/vulnerability

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...
Cyber Security News

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...
Cyber Security News

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...
CVE/vulnerability

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...
cyber security

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Register Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

[email protected]