API security

Experian lending partner bug exposes credit data. Watch out for leaky APIs and other third-party risk!

April 29, 2021 – Leading American consumer credit bureau Experian was notified of a flaw in their application programming interface (API) that exposed the credit card scores of tens of millions of US users, KrebsOnSecurity reports. Independent researcher Bill Demirkapi discovered the issue when, while using a lender’s site, he noted that he was able to obtain his credit score by simply entering his name and street address. By examining the code, he determined that the lender’s site was using Experian’s API to retrieve the credit data, and he was even able to automate the process (cleverly dubbing the automation “Bill’s Cool Credit Score Lookup Utility”).
