Millions of real estate records were publicly accessible due to lax security

Stock photo of lock and data
Darwin Laganzon/Pixabay

A major financial services company, First American Corporation, has left millions of records publicly accessible on its servers. The data included bank account details, bank statements, mortgage records, driver’s license images, and Social Security numbers, and was available to access without authorization by anyone who connected to an area of the company’s website.

The company provides title insurance and settlement services, and is a major player in the real estate and mortgage industries. The publicly accessible data was discovered by a real estate developer who reported it to the company but got no response. He then shared the finding with an online security blog.

“Closing agencies are supposed to be the only neutral party that doesn’t represent someone else’s interest, and you’re required to have title insurance if you have any kind of mortgage,” Ben Shoval, the developer who discovered the leak, said to KrebsOnSecurity. “The title insurance agency collects all kinds of documents from both the buyer and seller, including Social Security numbers, drivers licenses, account statements, and even internal corporate documents if you’re a small business. You give them all kinds of private information and you expect that to stay private.”

As many as 885 million files were accessible, dating back to 2003. It is not known at this time how long the documents were exposed for, but they were available from at least March 2017. First American Corporation has not confirmed how many people’s data was vulnerable or whether cyber criminals could have been aware of the data before this week.

The company learned about the accessibility of the documents on Friday and reported that it immediately blocked external access to them and began an investigation into any resulting security issues.

“First American has learned of a design defect in an application that made possible unauthorized access to customer data,” a First American spokesperson said in a statement shared with KrebsOnSecurity. “At First American, security, privacy and confidentiality are of the highest priority and we are committed to protecting our customers’ information. The company took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed.”

Gaming

GuardianCon raises $3.7 million: Bungie breaks record, but Dr. Lupo does better

Destiny developer Bungie joined this year's GuardianCon Charity Marathon Stream, breaking the record by raising $400,000 in just four hours. The proceeds of the week-long event will be donated to St. Jude Children's Research Hospital.
Small Business

The 15 best tech jobs boast top salaries, high satisfaction, lots of openings

June may be coming to an end, but the bonanza of tech jobs just keeps coming. High-paying jobs abound at companies where people love to work. If you’re ready to make a change, this is a great time to look for something more fulfilling…
Deals

The best budget-friendly GoPro alternatives that won’t leave you broke

Cold weather is here, and a good action camera is the perfect way to record all your adventures. You don't need to shell out the big bucks for a GoPro: Check out these great GoPro alternatives, including some 4K cameras, that won’t leave…
Emerging Tech

A tiny magnet accomplishes enormous feat, sets a new world record

A magnet housed in the National High Magnetic Field Laboratory has set a record for the strongest continuous DC magnetic field ever recorded. Here's why that matters to our future.
Emerging Tech

Dark matter galaxy crashed into the Milky Way, causing the ripples in its disk

New research suggests hundreds of million of years ago, the Milky Way collided with Antlia 2, a nearby dwarf galaxy dominated by dark matter. The collision caused ripples in the disk of gas around the Milky Way which we still observe today.
Computing

Microsoft reportedly thinks Slack not secure enough, prohibits internal use

Microsoft has reportedly placed Slack under the "prohibited" category in an internal list of prohibited and discouraged technology. The main reason why the company banned employees from using it is due to security concerns.
Emerging Tech

Uranus’ rings shine brightly but hold a puzzle for astronomers

New images reveal the rings around Uranus, which are almost invisible to most telescopes. But there's a strange puzzle about them -- why they don't contain any small dust-sized particles.
Gaming

Final Fantasy VIII Remastered will come with features for faster progression

Final Fantasy VIII Remastered will come with features that will enable faster progression. Players who do not want to go through the same grind as in their first playthrough will be able to activate battle enhancements, among others.
Gaming

Flyers in Apex Legends may be hinting at something monstrous for Season 2

Flying beasts have appeared in Apex Legends' King's Canyon map. While the creatures are peaceful for now, they may be hinting that something more monstrous is coming to the team-based Battle Royale shooter once Season 2 launches on July 2.
Computing

Microsoft reportedly releasing foldable Surface with 9-inch screens next year

Microsoft is reportedly planning to roll out a foldable Surface as early as the first quarter of 2020. The device, code-named Centaurus, is said to feature two 9-inch screens, Windows Lite, and Android support, according to IHS Markit.
Gaming

Blizzard suffers another blow with exit of global esports director Kim Phan

Blizzard suffered another blow with the departure of global esports director Kim Phan. Her exit comes after Overwatch League's founding commissioner Nate Nanzer left last month to join Epic Games.
Computing

The guy who invented USB finally admits it’s annoying to plug in

The man behind the team that created USB has finally acknowledged that the design has caused plenty of frustration over the years. But he insists there was a good reason for building it in the way that he did.
Mobile

The stand-alone Palm is available for purchase and still costs $350

A reboot of the classic Palm is finally here and it's tiny. It syncs to your phone and acts as a secondary device -- with a feature to help you disconnect from technology. The Palm will be available exclusively through Verizon for $350.
Cars

The hottest of all Mini hatches is coming with a Batman-approved design

The Mini John Cooper Works GP concept first seen at the 2017 Frankfurt Motor Show will go into production in 2020, Mini has confirmed. The John Cooper Works GP is the ultimate performance version of the Mini Cooper.