
Experian API Leaks Most Americans’ Credit Scores
2021-04-29 18:42

A researcher claims that the credit scores of almost every American were exposed through an API tool used by the Experian credit bureau, which he said was left open on a lender site without even basic security protections.

Demirkapi was surprised and decided to take a peek at the code, which showed that a connection to an Experian API was behind the tool, he said.

"No one should be able to perform an Experian credit check with only publicly available information," Demirkapi told Krebs On Security, which was the first to break the story of the leak.

In addition to raw credit scores, Krebs said that he was able to use the API connection to get "Risk factors" from Experian that explained potential flaws in a person's credit history.

Experian said it fixed the unprotected endpoint instance, but some researchers are concerned that other exposed Experian APIs might be out there, sitting unprotected, just waiting to be exploited by cybercriminals.

The security community isn't holding back on its criticisms of Experian for the leaky API, which they said was concerning even if it was a single instance.


News URL

https://threatpost.com/experian-api-leaks-american-credit-scores/165731/