TechCrunch: Credit Karma glitch exposed users to other people’s accounts. https://techcrunch.com/2019/08/14/credit-karma-glitch-accounts/
No personally identifiable information was exposed (e.g. names, SSNs, acct #s). It’s still pretty troubling.
"One user told TechCrunch that after they were served another person’s full credit report, they messaged the user on LinkedIn"
You can’t view your full credit report on Credit Karma. Lol Anyway, I’m sharing what I heard, but I understand I’m a biased source. There are a few embarrassing factual inaccuracies that should cast doubt on the Tech Crunch reporting though.
Credit karma trying to control the narratives lol
We deny the data breach
So say we all
What was the issue though? Over sight, bad experiment or untested code ?
Don't know major details but was related to incorrect session object used. You could see someone else's session but not PII, PII has extra level security. So, very few people saw someone else's credit score but they don't know whose score they were cz PII screen was blocked. This is my knowledge!
Interesting. Thanks!
some PII was potentially seen
> just a glitch