Imagine things are bad enough that you need a payday loan. Then imagine flaws in systems of loan lead generators leave your records in the open... for years

Feature: Two separate internet affiliate networks have closed vulnerabilities that exposed potentially millions of records in one of the most sensitive areas: payday loans.


US-based software engineer Kevin Traver contacted us after he found two large groups of short-term loan websites that were giving up sensitive personal information via separate vulnerabilities. These groups all gathered loan applications and fed them to back-end systems for processing.


The first group of sites allowed visitors to retrieve information about loan applicants simply by entering an email address and a URL parameter. A site would then use this email to look up information on a loan applicant.


"From there it would pre-render some information, including a form that asked you to enter the last four digits of your SSN [social security number] to continue," Traver told us. "The SSN was rendered in a hidden input, so you ..
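The pattern Traver describes, a secret rendered into a hidden input for a "confirm your last four digits" step, is shown here beside a server-side check. This is an added example, not code from the affected sites or from Traver's findings; the record store, function names and sample applicant are assumptions constructed for illustration.

```python
import hmac
from html import escape

# Constructed sample record (SSN area 000 is never issued); names are assumptions.
APPLICANTS = {"jane@example.com": {"name": "Jane Doe", "ssn": "000-12-3456"}}
MAX_ATTEMPTS = 3
_failed = {}  # email -> consecutive failed last-four checks


def render_vulnerable(email):
    """Pattern from the article: the full SSN is sent to the browser."""
    rec = APPLICANTS.get(email)
    if rec is None:
        return "<p>Not found</p>"
    return (
        '<form method="post">'
        f'<input type="hidden" name="ssn" value="{escape(rec["ssn"])}">'
        '<input name="last4" maxlength="4">'
        "</form>"
    )


def render_hardened(email):
    """Identical form for any email: no record data, no hint a record exists."""
    return (
        '<form method="post">'
        f'<input type="hidden" name="email" value="{escape(email)}">'
        '<input name="last4" maxlength="4" inputmode="numeric">'
        "</form>"
    )


def verify_last4(email, last4):
    """Server-side check: constant-time compare plus a per-email attempt cap."""
    if _failed.get(email, 0) >= MAX_ATTEMPTS:
        return False  # locked out; a real service would also alert and rate-limit by source
    rec = APPLICANTS.get(email)
    # Dummy value keeps the code path the same for unknown emails.
    expected = rec["ssn"][-4:] if rec else "\x00\x00\x00\x00"
    ok = hmac.compare_digest(expected.encode(), str(last4).encode()) and rec is not None
    if ok:
        _failed.pop(email, None)
    else:
        _failed[email] = _failed.get(email, 0) + 1
    return ok
```
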
