CyberNews Briefs

API Hole on Experian Partner Site Exposes Credit Scores

A Rochester Institute of Technology sophomore discovered a vulnerability on a partner website of Experian that allows anyone to look up credit scores with a name and mailing address. Bill Demirkapi found the leak when he was looking for information about student loan vendors online. 

He discovered the code behind a page that used an application programming interface that could be accessed without any authentication. The lender site offered to check his loan eligibility by entering his name, address and date of birth, and when he entered all zeros in the “date of birth” field, the site let him pull up a person’s credit score.Experian was alerted and discovered the lending site that was exposing the API, access is disabled now.

Read more: API Hole on Experian Partner Site Exposes Credit Scores

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.