“First time logging in it gave me my information, but as soon as I refreshed the screen, it gave me someone else’s info,” one Reddit user said. “Refreshed again and bam! someone else’s info — it’s like roulette.”
Someone else said they logged into the service and then out again quite a few times and that every time they got “full access to a different random person’s credit file.”
TechCrunch reached out to someone else who said they got full access to a random person’s credit report, and they contacted the person on Linkedin “to let him know his data was compromised.”
“The reports are split into two sections: Credit Factors — things like number of accounts, inquiries, utilization; and Credit Reports — personal information like name, address, etc.,” the user said. “The Credit Reports section was my own information, but the Credit Factors section definitely wasn’t. It listed four credit card accounts (I have more like 20 on my report), a missed payment (I’m 100% on time with payments), a Honda auto loan (never had one with Honda), student loan financing (mine are paid off and too old to appear on my report), and cards with an issuer that I have no relationship with (Discover).”
TechCrunch said it saw numerous screenshots of other people’s accounts, and another user said they could see derogatory credit marks even if personal info wasn’t viewable.
A Credit Karma spokesperson said the incident wasn’t a breach but wouldn’t disclose how many customers were affected or how long the issue persisted.
“What our members experienced this morning was a technical malfunction that has now been fixed. There is no evidence of a data breach,” Credit Karma said.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More