First American Financial Corp.'s website left hundreds of millions of customer documents exposed

First American Financial Corp., a Fortune 500 real estate title insurance firm, exposed hundreds of millions of its customer's documents, according to a report by Krebs on Security. These documents were related to mortgage deals that First American Financial Corp. has engaged with, leading back to as far as 2003. Information including bank account numbers, statements, mortgages, and tax records, Social Security numbers, were exposed to anyone with a web browser.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

According to Krebs on Security, anyone who knew the URL for a valid document on First American Financial Corp.'s website could view the document "just by modifying a single digit in the link." After First American Financial Corp. was informed of this exposure, the firm disabled the portion of its site that served those recommends. 

A representative for First American Financial Corp. told Krebs on Security that "First American has learned of a design defect in an application that made possible unauthorized access to customer data," and that "The company took immediate action to address the situation and shut down external access to the application."