$type=slider$show=home$snippet=hide$cate=0$h=500$va=0$rm=0

Credit scores of millions of Americans have been exposed online

The credit scores of millions of Americans were left exposed online when a lender misused an API belonging to the credit reporting agency E...

The credit scores of millions of Americans were left exposed online when a lender misused an API belonging to the credit reporting agency Experian.

As first reported by Krebs on Security, independent security researcher Bill Demirkapi was shopping around for student loan vendors online when he discovered that he could easily pull up his Experian credit score just by entering only a portion of the information normally required to do so.

Demirkapi was on a site that offered to check his loan eligibility just by entering his name, address and date of birth. Normally when using a credit monitoring service, Americans also need to provide their social security number to get access to their credit scores.

After providing the necessary information, Demirkapi took a look at the code on the lender's site and it was then that he found that the company had been invoking Experian's API. He provided more details on the significance of his discovery in a statement to Krebs on Security, saying:

“No one should be able to perform an Experian credit check with only publicly available information. Experian should mandate non-public information for promotional inquiries, otherwise an attacker who found a single vulnerability in a vendor could easily abuse Experian’s system.” 

Exposing Experian's API

To make matters worse, Demirkapi also found that the Experian API being invoked on this particular lender's website could be accessed without any sort of authentication. In fact, he was even able to enter all zeros on the site's date of birth field to pull a person's credit score.

From here, Demirkapi built his own command-line tool to speed up these lookups which he named “Bill's Cool Credit Score Lookup Utility”. Besides being able to pull a person's credit score, the Experian API also provides information on up to four “risk factors” that could explain why their score isn't higher.

In the end, Demirkapi reached out to Experian and the company was able to discover which lender was exposing its API online. In a statement, Experian explained that it takes data security and matters such as this very seriously, saying:

“We have been able to confirm a single instance of where this situation has occurred and have taken steps to alert our partner and resolve the matter. While the situation did not implicate or compromise any of Experian’s systems, we take this matter very seriously. Data security has always been, and always will be, our highest priority.”

Via Krebs on Security



from TechRadar - All the latest technology news https://ift.tt/3u7BjEQ
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3855,Business,147,Camera,1154,Earn $$$,1,Gadgets,1739,Games,924,Innovations,1,Mobile,1695,Paid Promotions,2,Promotions,2,Technology,7933,Trailers,795,Travel,36,Trendly News,18126,Video,4,XIAOMI,12,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Credit scores of millions of Americans have been exposed online
Credit scores of millions of Americans have been exposed online
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2021/05/credit-scores-of-millions-of-americans.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2021/05/credit-scores-of-millions-of-americans.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy