A researcher is claiming that the credit scores of almost every American were exposed through an API tool used by the Experian credit bureau, that he said was left open on a lender site without even basic security protections.
Experian, for its part, refuted concerns from the security community that the issue could be systemic.
The tool, called the Experian Connect API, allows lenders to automate FICO-score queries. Bill Demirkapi, a sophomore at Rochester Institute of Technology, was shopping for student loans when he found a lender that would check his eligibility with just a name, address and date of birth, according to a published report.
Read more…
Source: ThreatPost