Credit Karma accused of “roulette” security breach on Reddit
US-based free credit score monitoring site, Credit Karma, received complaints on Reddit for a supposed “roulette” security breach which saw users given access to other customer’s account information when they logged in.
One Credit Karma customer on Reddit says: “First time logging in, it gave me my information, but as soon as I refreshed the screen, it gave me someone else’s info. Refreshed again and bam! Someone else’s info. It’s like roulette.”
The Reddit thread, which gathered 273 comments in a day, noticed it was only happening on mobile and likened the breach to Chase’s mobile protocol bug last year.
It even prompted some kind-hearted users to reach out to those whose data they had seen to let them know their data had been compromised.
On the Credit Karma website, reports are separated into two sections and it seems the ‘Credit Factors’ section only was compromised, which contains information on number of customer accounts, loans and missed payments.
Spokesperson for Credit Karma, Emily Donohue, has described the data lapse as a “technical malfunction” which “has now been fixed”, denying any evidence of a breach in customer information.