This feels to me like Experian and others all over again. When you actually read this article, titled “Mr. Cooper leak exposes over two million customers,” you’ll probably need to go do something that won’t be mentioned here.
Mr. Cooper, a major US mortgage company, left an open Google Cloud instance exposing details of millions of its customers only two months after the company suffered a severe data breach.
America’s third-largest mortgage servicer left details of its customers accessible to anyone willing to look, recent research from the Cybernews research team has revealed. Mr. Cooper’s open Google Cloud storage bucket contained a trove of data, including marketing materials and site assets, but more importantly, names, loan numbers, and other data about its customers.
The team discovered the leak in late December 2023, less than two weeks after Mr. Cooper revealed it suffered a significant data breach in October 2023, which exposed the information of 14.6 million of the company’s clients. However, the publicly accessible data discovered by the team does not include data exposed in the October breach, pointing to the incidents being unrelated.
After researchers contacted the company, Mr. Cooper closed the open Google Cloud instance and fixed the issue. We reached out to the company for official comment about the leak yet did not receive a reply before publishing this article.
What kind of Mr. Cooper data was leaked?
According to the team, the documents with personal customer data were likely used to track Mr. Cooper’s push to adopt the “Paperless” feature, where customers are sent digital documents instead of printed ones.
The leaked data includes:
But that’s not all. They initially fixed the problem but research found other stuff too.
They also found that other users, not directly doing business with Mr. Cooper, were also affected by this massive breach.
The team discovered two kinds of sensitive files on the open instance: one type containing names and emails and another containing names and phone numbers. Files with names and emails had details on 1.7 million individuals, and files with names and phone numbers had data on 2.7 million individuals.
The leaked data also contained the names and phone numbers of other mortgage brand customers serviced by Mr. Cooper:
- 207,672 United Wholesale Mortgage customers
- 161,761 LakeView customers
- 53,924 Veterans United customers
- 37,384 USAA customers
- 35,794 RightPath Servicing customers
- 12,722 Wintrust Mortgage customers
- 3,778 Paddio customers
The links that were found in this open Google database could allow anyone to make some modifications to the account without logging in to the web site or application.
Additionally, some of the leaked details included “enrollment links,” allowing the modification of some account settings without logging in. For example, malicious actors could use the flaw to enable the “Paperless” feature for users’ loans.
This is the first time I’ve heard of this. I hope it is the last I hear of this.
MENVI has an application, after that, everything else is closed. The Mix, the same thing.
According to Mr. Cooper’s website, the company has 4.3 million US customers and is the country’s third-largest mortgage servicer. The company’s revenue for 2022 stood at nearly $3 billion, and the company employed over 8,000 staff.
Better notify everyone, we don’t know how bad this is going to be.
To read the entire article, in case I missed anything in quoting the most important parts, please read the Cybernews article titled “Mr. Cooper leak exposes over two million customers.”
Yes, this article was written on the 22nd, but I didn’t see it till now. I’ve been in this section of their page and didn’t spot it.
I know of at least one user who will probably need some help after reading this. It won’t surprise me if they get the moron of the podcast this week. This is crazy. Sound off!