Users of credit monitoring site Credit Karmas have complained that they were served other people’s account information when they logged in.
“First time logging in it gave me my information, but as soon as I refreshed the screen, it gave me someone else’s info,” said one Reddit user. “Refreshed again and bam! someone else’s info — it’s like roulette.” Another user said they logged in and out several times and each time they had “full access to a different random person’s credit file,” they said.
One user told TechCrunch that after they were served another person’s full credit report, they messaged the user on LinkedIn “to let him know his data was compromised.”
Another user told us this:
The reports are split into two sections: Credit Factors — things like number of accounts, inquiries, utilization; and Credit Reports — personal information like name, address, etc.. The Credit Reports section was my own information, but the Credit Factors section definitely wasn’t. It listed four credit card accounts (I have more like 20 on my report), a missed payment (I’m 100% on time with payments), a Honda auto loan (never had one with Honda), student loan financing (mine are paid off and too old to appear on my report), and cards with an issuer that I have no relationship with (Discover).
Several screenshots we’ve seen show other people’s accounts, including details about their credit card accounts and their current balance.
At the time of writing, another user told TechCrunch that the login pages were down. “We’ll be right back,” the website read.
Credit Karma spokesperson Emily Donohue denied there was a data breach, but when asked would not say how many customers were affected.
“What our members experienced this morning was a technical malfunction that has now been fixed. There is no evidence of a data breach,” the statement said.
The company didn’t say for how long customers were experiencing issues.
Credit Karma offers customers free credit score monitoring and reports. The company allows users to check their scores against several major credit agencies, including Equifax, which last month was fined at least $575 million for a 2017 data breach.
This post was originally posted at http://feedproxy.google.com/~r/Techcrunch/~3/SW9hZN7sFjk/.