Are you one of the 885 million consumers affected by the First American Financial data leak? Last Friday, files stored on the First American Financial company’s website (firstam.com), contained bank account numbers, bank statements, mortgage records, tax documents, wire transfer receipts Social Security numbers and photos of driver’s licenses. Information dated back to 2003 was available without any sort of protection and could be accessed without a password.
Data Leak Details
This type of data leak is unfortunately a relatively common website design error called “Insecure Direct Object Reference” (IDOR), according to Dave Farrow, Senior Director of Information Security at Barracuda Networks. Essentially, a link to a web page with sensitive information is created and intended to only be seen by a specific party, but there is no method to actually verify the identity of who is viewing the link. As a result, anyone who discovers a link to one document can view it and discover any of the other documents hosted on the site by simply modifying the link.
A data leak is different from a data breach. In a breach, unauthorized access to sensitive information is intentional. In a data leak like this one, the sensitive information is left out in the open, often because the server was not set up with the proper security. Even if this information existed online, undetected by anyone, at least some of it was still captured by search engines. According to First American, cached versions of at least 6,000 exposed documents were still readable online. The company is making efforts to remove them, but those documents simply exist online with sensitive information readily available to anyone who finds them.
With a considerable amount of valuable information still online and potentially accessible by cyber criminals, someone may use that information in a malicious way. That will most likely result in a Business Email Compromise (BEC), according to Barracuda Networks. These types of attacks are typically phishing and social engineering attacks used to gain access to a company’s network or other sensitive information.
Protect Your Organization
To protect your information before something potentially bad occurs, we suggest two preventative actions. First, you should check if your credentials and/or social security number are compromised by running a dark web scan on your company domain. Simply request it by using this link https://kybersecure.com/dark-web-scan/. Second, you should notify all employees of this data leak and ensure that they are properly trained on phishing and social engineering prevention. A simple first step you can take is to subscribe them to our weekly IT security email tips https://kybersecure.com/weekly-tips/. These tips are simple, regular reminders of things you can do to avoid a data breach.
Data leaks and data breaches are more common every day. Unfortunately, small and medium sized organizations are usually the ones that take the hit. Protect your information and invest in a layered cybersecurity approach.