Brian Krebs broke the news late Friday that Fortune 500 real estate insurance giant First American exposed approximately 885 million sensitive records because of a bug in its website. The news has been picked up by various business media.
Byron Rashed, VP of Marketing at Centripetal Networks:
“This kind of disclosure isn’t common; usually the back doors are from vulnerabilities that have not yet been discovered or patched. In this case, there was no authentication – if you stole credentials from somewhere else, you could access all kinds of account information. It’s very surprising for a Fortune 500 company to have this kind of security posture. What they should have done is what most companies do -authenticate with a password or 2 factor authentication. This so beyond a textbook example of a breach.”
To read more, please see the article.