If you've every purchased a home, you know the glut of paperwork you must sign at the title company. Now imagine having all that private data about you exposed on the internet for anyone to find!
Brian Krebs is reporting that First American Financial left millions of customer records unprotected online dating back 16 years.
The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records—including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images—were available without authentication to anyone with a Web browser.
Santa Ana, Calif.-based First American is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in more than $5.7 billion in 2018.
Earlier this week, KrebsOnSecurity was contacted by a real estate developer in Washington state who said he’d had little luck getting a response from the company about what he found, which was that a portion of its Web site (firstam.com) was leaking tens if not hundreds of millions of records. He said anyone who knew the URL for a valid document at the Web site could view other documents just by modifying a single digit in the link.
And this would potentially include anyone who’s ever been sent a document link via email by First American.