myFICO® Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Experian API Leaks Most Americans’ Credit Scores

tag
Get Access Now
donotpassgo
Valued Member
‎04-29-2021 06:11 PM
‎04-29-2021 06:11 PM

Experian API Leaks Most Americans’ Credit Scores

A researcher is claiming that the credit scores of almost every American were exposed through an API...

 

The tool, called the Experian Connect API, allows lenders to automate FICO-score queries. Bill Demirkapi, a sophomore at Rochester Institute of Technology, was shopping for student loans when he found a lender that would check his eligibility with just a name, address and date of birth, according to a published report.

 

“No one should be able to perform an Experian credit check with only publicly available information,” Demirkapi told Krebs On Security, which was the first to break the story of the leak. “Experian should mandate non-public information for promotional inquiries, otherwise an attacker who found a single vulnerability in a vendor could easily abuse Experian’s system.”

 

Demirkapi said he was even able to build a command-line tool that let him automate lookups, even after entering all zeros in the fields for date of birth, which he named, “Bill’s Cool Credit Score Lookup Utility.”

 

In addition to raw credit scores, Krebs said that he was able to use the API connection to get “risk factors” from Experian that explained potential flaws in a person’s credit history. He ran a credit check for his friend “Bill” which returned the explanation for his mid-700s credit score that he had “Too many consumer-finance company accounts.”

 

Message 1 of 13
Reply
12 REPLIES 12
Azza
Regular Contributor
‎04-29-2021 08:40 PM
‎04-29-2021 08:40 PM

Re: Experian API Leaks Most Americans’ Credit Scores

Crazy.

 

Or at this point, is it?

 

 

Currently Reporting:

Current Score:

Gardening Started with:


Message 2 of 13
0 Kudos
Reply
babygirl1256
Senior Contributor
‎04-30-2021 12:22 AM
‎04-30-2021 12:22 AM

Re: Experian API Leaks Most Americans’ Credit Scores

Wow . . . like we really need another issue to slow down our attempt to improve our credit. It's already sometimes a challenge to deal with the Credit Reporting Agencies . . . or at least it is for me. I hope it has been thoroughly fixed! 

Starting FICO 8 Score in 06/2019: EQ-625, TU-649, EX-640
Current FICO 8 Score in 06/2021: EQ-796, TU-806, EX-812
Goal FICO 8 Score in 06/2022: EQ-825, TU-850, EX-850
Message 3 of 13
0 Kudos
Reply
KatSoDak
Frequent Contributor
‎04-30-2021 07:11 PM
‎04-30-2021 07:11 PM

Re: Experian API Leaks Most Americans’ Credit Scores

He ran a credit check for his friend “Bill” which returned the explanation for his mid-700s credit score that he had “Too many consumer-finance company accounts.”

 

Haha, I feel for ya "Bill". That darn CFA code.

 

FICO 8:

EQ FICO 9 - 770
EX FICO 9 - 758

Citi (2) | Discover | HSBC | BOA | NFCU (2) | WF (2) | Simmons Bank | FNBO (2) | PENFED | BBVA | US Bank | Lowes | Care Credit | Home Depot AU
Message 4 of 13
0 Kudos
Reply
designated_knitter
Established Contributor
‎05-02-2021 08:53 PM
‎05-02-2021 08:53 PM

Re: Experian API Leaks Most Americans’ Credit Scores

Of course, the worst part of this is that the API back door may still be active and by posting this story, even mor malicious actors will use it.

 

I wouldn't be surprised if more agencies have similar APIs and all information is really just wide open!

Started Over Again after Cap1 Death Penalty:
06/15/2019:
03/02/2021:
04/06/2021:
05/28/2021:
Lesson Learned: DON'T POKE THE BEAR!!! THE BEAR WILL WIN!!!
Message 5 of 13
0 Kudos
Reply
Anonymous
Not applicable
‎05-03-2021 06:48 PM
‎05-03-2021 06:48 PM

Re: Experian API Leaks Most Americans’ Credit Scores

@designated_knitter wrote:

Of course, the worst part of this is that the API back door may still be active and by posting this story, even mor malicious actors will use it.

 

I wouldn't be surprised if more agencies have similar APIs and all information is really just wide open!

The article says that Experian closed the back door. 

Message 6 of 13
Reply
805orbust
Valued Contributor
‎05-03-2021 07:13 PM
‎05-03-2021 07:13 PM

Re: Experian API Leaks Most Americans’ Credit Scores

I love how it's so easy for them and even "Bill" to get our private information but let us try to alert them to an inaccurate item and Fort Knox is closed for lockdown.



Message 7 of 13
Reply
Anonymous
Not applicable
‎05-03-2021 08:40 PM
‎05-03-2021 08:40 PM

Re: Experian API Leaks Most Americans’ Credit Scores

@805orbust wrote:

I love how it's so easy for thrives and even "Bill" to get our private information but let us try to alert them to an inaccurate item and Fort Knox is closed for lockdown.

Haha for real! 😂 

Message 8 of 13
Reply
Girlzilla88
Valued Contributor
‎05-07-2021 06:54 AM
‎05-07-2021 06:54 AM

Re: Experian API Leaks Most Americans’ Credit Scores

@Anonymous    Do you think this is in any way connected with my EX updating slow this month normally by now I would have 2 or 3 updates at least for my EX and nothing has flipped over to May yet.....?!?     







Message 9 of 13
0 Kudos
Reply
Anonymous
Not applicable
‎05-07-2021 07:35 AM
‎05-07-2021 07:35 AM

Re: Experian API Leaks Most Americans’ Credit Scores

@Girlzilla88 wrote:

@Anonymous    Do you think this is in any way connected with my EX updating slow this month normally by now I would have 2 or 3 updates at least for my EX and nothing has flipped over to May yet.....?!?     

Nah I doubt it. Mine updated like normal this month. 

Message 10 of 13
Reply
Advertiser Disclosure: The offers that appear on this site are from third party advertisers from whom FICO receives compensation.