Millions of American Credit Scores Leaked in Experian API


May 4, 2021

Experian, one of the “Big Three” credit bureau has a problem on its hands. Bill Demirkapi, a student at the Rochester Institute of Technology (RTI) has discovered a bug in an application programming intermediate (API) that would allow an attacker to soft pull anyone’s credit score with just their name and mailing address.

Demirkapi’s findings were first published on the 28th of April along with a screenshot of the lookup utility he built to demonstrate the exploit.


(Courtesy of KrebsOnSecurity)

All someone needs to access a target’s FICO score is their name (first and last), street address, and zip code, and voilà! a FICO score, anybody’s FICO score, right in your terminal window!

Dmirkapi claims he discovered the security hole when shopping for a student loan.

Security7 wasn’t able to verify the credibility of Dmirkapi’s claim, but Experian has in a written statement.

So what can you do to protect yourself?

A few years ago there was a pretty massive data breach at Equifax, another major credit bureau. Security7 compiled a list of steps you could take to protect your credit file. Here they are:

Step 1. Find out if your information was exposed – Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.

Step 2. If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.

Step 3. Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.

Step 4. Place a credit freeze on your files – A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.

How do I place a freeze on my credit reports?

Contact each of the nationwide credit reporting companies:

You’ll need to supply your name, address, date of birth, Social Security number, and other personal information. Fees vary based on where you live but commonly range from $5 to $10.

After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.

We’ve personally called all three numbers and can attest that they work. Equifax charges no fee for the credit freeze. Experian and TransUnion will charge you a fee, depending on the state you live in. A majority of people will probably have to pay $10 for both.

Carl Keyser is the Content Manager at Integris.

Keep reading

Bridging the Gap between Automation and Innovation

Bridging the Gap between Automation and Innovation

Automation and Innovation. Some people might say those two words cancel each other out. Yet, I believe these two concepts can create capacity for each other—if your business leverages the free time automation creates to foster innovation. Automation can be...

Why Is My Laptop Draining So Fast?

Why Is My Laptop Draining So Fast?

Before You Replace Your Laptop Battery, Try These Fixes First Stuck with a laptop that’s running out way before it’s standard 8-10 hours of run time? Don't throw it out just yet.  Try these quick fixes to extend its life: Reduce your screen brightness If possible,...