https://ficoforums.myfico.com/t5/General-Credit-Topics/MagnifyMoney-com-sharing-personal-information-loan-request-from/m-p/4305199#M218686 <P>Looks like they've pulled down the live pages (but copies/caches are still out there, of course), no public announcement from the company yet. &nbsp;Looks like at a minimum September and October applications were included.</P><P>&nbsp;</P><P>Why yet another company thought storing full data (names, SSNs, addresses, incomes, etc...) in unencrypted, plain-text JSON logfiles, directly under their main webroot directory, without any access control was even on the same planet as good security practice boggles the mind.</P><P>&nbsp;</P><P>Ironically, their company <A href="https://twitter.com/magnify_money" target="_self">Twitter feed</A> this week included this gem <STRONG>"For new companies, any breach early could be catastrophic as they build their reputations."</STRONG></P><P>&nbsp;</P><P>Someone might want to... follow up on that tweet with a few pointed questions.</P><P>&nbsp;</P> Sat, 31 Oct 2015 19:16:16 GMT iv 2015-10-31T19:16:16Z https://ficoforums.myfico.com/t5/General-Credit-Topics/MagnifyMoney-com-sharing-personal-information-loan-request-from/m-p/4303351#M218671 <P>I recently received an alert from MyFico.com that my personal information was listed on a website, so I did a simple google search, and found that all my personal information along with lots of others was listed in loan request logs on MagnifyMoney.com (which I'm not a member of) with information from loan requests that I made through Vouch, Prosper, and The Lending Club. I recently sent these request from Credit Karma and Credit Sesame. I don't know which one of these websites are sharing the information. I emailed each of them and requested my information deleted immediately.</P><P>&nbsp;</P><P>If you recently submitted a loan request your information might also be listed in these logs. So be careful when applying with these online loan applications.</P><P>&nbsp;</P><P><A href="http://www.magnifymoney.com/assets/personalloanlog/" target="_blank">http://www.magnifymoney.com/assets/personalloanlog/</A></P><P>&nbsp;</P><P>&nbsp;</P> Fri, 30 Oct 2015 15:17:04 GMT https://ficoforums.myfico.com/t5/General-Credit-Topics/MagnifyMoney-com-sharing-personal-information-loan-request-from/m-p/4303351#M218671 Anonymous 2015-10-30T15:17:04Z https://ficoforums.myfico.com/t5/General-Credit-Topics/MagnifyMoney-com-sharing-personal-information-loan-request-from/m-p/4305199#M218686 <P>Looks like they've pulled down the live pages (but copies/caches are still out there, of course), no public announcement from the company yet. &nbsp;Looks like at a minimum September and October applications were included.</P><P>&nbsp;</P><P>Why yet another company thought storing full data (names, SSNs, addresses, incomes, etc...) in unencrypted, plain-text JSON logfiles, directly under their main webroot directory, without any access control was even on the same planet as good security practice boggles the mind.</P><P>&nbsp;</P><P>Ironically, their company <A href="https://twitter.com/magnify_money" target="_self">Twitter feed</A> this week included this gem <STRONG>"For new companies, any breach early could be catastrophic as they build their reputations."</STRONG></P><P>&nbsp;</P><P>Someone might want to... follow up on that tweet with a few pointed questions.</P><P>&nbsp;</P> Sat, 31 Oct 2015 19:16:16 GMT https://ficoforums.myfico.com/t5/General-Credit-Topics/MagnifyMoney-com-sharing-personal-information-loan-request-from/m-p/4305199#M218686 iv 2015-10-31T19:16:16Z