Experian hasn’t really learned their lesson when it comes to keeping information safe. Within the article I’ll be linking to, I just have to laugh at what they say once Krebs on Security contacts them about what I’m going to talk about.
Apparently, a researcher, who is also a sophomore at a university in New York, found that needing a student loan had to be done so he did some research in to what might meet his needs. One of the lenders used an API provided by Experian to do automatic FICO credit score lookups on their web site.
The API had no authentication what so ever. Readers who come here probably know what happens next, right?
“We have been able to confirm a single instance of where this situation has occurred and have taken steps to alert our partner and resolve the matter,” Experian said in a written statement. “While the situation did not implicate or compromise any of Experian’s systems, we take this matter very seriously. Data security has always been, and always will be, our highest priority.”
What’s laughable is: … “we take this matter very seriously. Data security has always been, and always will be, our highest priority.”
Data Security has always been your lowest priority, and you get our information from who knows where, because you buy it. Us consumers do not deal with you directly, but you deal with lenders like the one you shut off, because your API is not secured and authenticated.
The researcher was also shut off and he wasn’t doing anything wrong but trying to help you fix a weakness in your supposed product.
For the full story, read Experian API Exposed Credit Scores of Most Americans for all of the details on what is going on over there. I’m sure my readers will find this of interest.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.