First American Financial Corp Suffers Data Leak – 885 Million Files Exposed

Fortune 500 company First American Financial Corp has suffered a data leak. As a result, 885 million records have been exposed.

The blockbuster security incidents are continuing into June. This time, Fortune 500 company First American Financial Corp is in the spotlight for a data leak. From Krebs on Security:

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.

Santa Ana, Calif.-based First American is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in more than $5.7 billion in 2018.

Earlier this week, KrebsOnSecurity was contacted by a real estate developer in Washington state who said he’d had little luck getting a response from the company about what he found, which was that a portion of its Web site (firstam.com) was leaking tens if not hundreds of millions of records. He said anyone who knew the URL for a valid document at the Web site could view other documents just by modifying a single digit in the link.

And this would potentially include anyone who’s ever been sent a document link via email by First American.

KrebsOnSecurity confirmed the real estate developer’s findings, which indicate that First American’s Web site exposed approximately 885 million files, the earliest dating back more than 16 years. No authentication was required to read the documents.

Many of the exposed files are records of wire transactions with bank account numbers and other information from home or property buyers and sellers. Ben Shoval, the developer who notified KrebsOnSecurity about the data exposure, said that’s because First American is one of the most widely-used companies for real estate title insurance and for closing real estate deals — where both parties to the sale meet in a room and sign stacks of legal documents.

After inquiries were made, the company responded that it has since closed down external access because of the “design defect”. The company says that an internal review has been initiated as well. It seems that this action took place after the news site began contacting the company, not after the developer tried to warn them about the issue. It seems that the threat of this whole story being exposed in the media was what it took to get the company to act, which can be rather rage-inducing for some people.
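The defect described in the quoted report (a document served to anyone who supplies a valid number, with no authentication) is shown below next to a hardened lookup. This is an added illustration, not code from First American or from the original post; the document store, user names, key and function names are all constructed for the example.

```python
import hashlib
import hmac

# Constructed sample data: sequentially numbered documents and their parties.
DOCS = {1000: "wire receipt A", 1001: "tax record B"}
PARTIES = {1000: {"alice"}, 1001: {"bob"}}
LINK_KEY = b"demo-key"  # placeholder; keep the real key in a secret store

def fetch_vulnerable(doc_id):
    """The reported pattern: any valid number returns the document."""
    return DOCS.get(doc_id)

def _tag(doc_id, recipient):
    msg = f"{doc_id}|{recipient}".encode()
    return hmac.new(LINK_KEY, msg, hashlib.sha256).hexdigest()

def make_link(doc_id, recipient):
    """Parameters of the link emailed to one recipient."""
    return {"id": doc_id, "to": recipient, "sig": _tag(doc_id, recipient)}

def fetch_hardened(link, session_user):
    """Return the document only for its authenticated, authorised recipient."""
    doc_id, recipient = link["id"], link["to"]
    # 1. The MAC binds the id to the recipient, so an edited digit fails here.
    if not hmac.compare_digest(_tag(doc_id, recipient), link["sig"]):
        return None
    # 2. A forwarded or leaked link is useless without the recipient's login.
    if session_user != recipient:
        return None
    # 3. Per-object authorisation: the user must be a party to this document.
    if session_user not in PARTIES.get(doc_id, set()):
        return None
    return DOCS.get(doc_id)

def demo():
    link = make_link(1000, "alice")
    edited = dict(link, id=1001)  # one digit changed, as in the report
    return {
        "vulnerable_edited": fetch_vulnerable(edited["id"]),
        "hardened_valid": fetch_hardened(link, "alice"),
        "hardened_edited": fetch_hardened(edited, "alice"),
        "hardened_forwarded": fetch_hardened(link, "mallory"),
    }

if __name__ == "__main__":
    print(demo())
```

Every refusal returns the same `None`, so a caller cannot tell a missing document from one they are not allowed to see.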

This is definitely not the greatest start for the month of June. Last month, we reported on the half a terabyte of data that was dumped onto Tor after a failed blackmail attempt. Companies like Toshiba, BT, Porsche, and many others were impacted by that data breach.

After that, an unknown data breach affected nearly 40% of the entire population of Australia. From there, StackOverflow became the victim of a breach. In that case, an unknown number of accounts were compromised. Then, Instagram suffered a 49 million record data leak.

The month ended with a bang when Canva had 139 million accounts compromised from a data breach. The very next day, we reported on the Flipboard data breach which saw up to 150 million accounts exposed.

It’s beginning to look like June is going to be one busy month for security incidents as well.

Drew Wilson on Twitter: @icecube85 and Facebook.