Online lender backed by Nas says it was hit by security breach

A Silicon Valley tech company backed by rapper Nas was hit by a security breach earlier this year that revealed it had been lax with users’ sensitive personal information, including bank account numbers, The Post has learned.


Earnin, which is also backed by tech investor Andreessen Horowitz, discovered in February that a third-party security firm had accessed customers’ bank transactions — including all their debit card purchases and payment statements going back for months, the company confirmed to The Post.


The incident prompted Earnin executives to shore up their security generally. They found major weaknesses, sources said. Prior to the breach, for example, the Palo Alto company kept customers’ unencrypted bank account and routing numbers, home and work addresses, phone ID numbers, and users’ GPS coordinates on an internal server, two ex-employees said.


The former employees said the data had been left unprotected because of a practice among Earnin’s developers of copying and pasting customer information from a more secure server used for running the app into a less secure server used for testing it.


“It’s something in the water in San Francisco, the whole ‘move fast and break things’ mentality,” one ex-employee told The Post.


“On the account number and routing number, it is true that [they were] being stored in plain text,” the ex-staffer said.


“It was something we were intending to change, but I guess the thought process was that our system was secure enough that this was going to be all right.”


Earnin confirmed that a “white-hat,” or non-malicious, security firm had accessed the bank transactions data in February. It said it hired a cybersecurity firm to review the incident and has since taken corrective action.

“Since discovering the incident, Earnin has further strengthened its ..
