Posted on February 26, 2020 at 8:03 PM
According to a recent report, a security breach was discovered on the Remine Real Estate portal. The real estate startup left its security wide open for anyone outside the company to explore. According to the report, the security mishap allowed unauthorized access to the company’s portal, as outsiders could access personal information of sellers and renters.
Recently, the company said it has gathered data “on 150 million properties across all 50 states.” However, such amount of data was left vulnerable recently and hackers could have made a feat of it.
Last year, the company realized $30 million in investment funding to increase its real estate intelligence and data gathering platform.
Vulnerability caused by a misconfigured system
The cause of the vulnerability is known to be a misconfigured system. It was discovered in the company’s development environment, which although password-protected, which allowed non-workers to register and login to access the portal.
The developers of the Remine portal shared passwords, secrets, and private keys, which could have given hackers access to Remine’s private slack workspace and databases. The malicious hacker could have taken advantage of the vulnerability to take control of the company’s Amazon Web Services storage servers.
A researcher at SpideSilk cybersecurity outfit, Mossab Hussein, discovered the vulnerability and informed TechCrunch about his findings.
He said that the vulnerable private keys allowed total access to the firm’s storage servers. which contains more than 10-years of documents worth, which include addresses of sellers and customers, rent agreements, and title deeds.
Also, one of these documents contains personal information, which includes names, personal identification information, and home addresses of rental tenants.
When Remine was informed about the vulnerability, the company’s co-founder, Jonathan Spinetto, agreed that there were security flaws and the company has replaced its private keys and secrets.
Spinetto also revealed that has sent a letter to inform its customers about the security vulnerability.
Furthermore, the firm has employed the services of Crypsis, a cybersecurity firm, to investigate the situation. He further stated that the firm is going to adhere to the necessary data breach notification rules after its investigation.
However, Remine was lucky attackers have not pounced on the vulnerable network yet. The real estate company is carrying out a maintenance patch to correct the lapses, as an investigation into the mishap is still ongoing.
Companies still facing vulnerability issues
The security vulnerability is coming amidst reports of several vulnerability issues across different platforms. The security issues have been challenging for many companies and organizations. And the vulnerability of Remine is a reminder that no company or organization is immune to security flaws. The top multinationals and even tech firms have had security breaches, where some of them were not so lucky to avoid being attacked.
Remine will be lucky not to have their system infiltrated as a result of the vulnerability. From reports gathered from the company, it’s going to inform its customers and the public when there is any new development about the situation.
Remine is a real estate platform that connects lenders, agents, consumers, and other service providers together in one platform to help everyone have better access to data. The company makes this platform available to lenders, consumers, and other service providers to ensure the best possible transaction.
In 2018, the company launched its mobile platform, making it available in Android and Apple devices. The robust core application provides its members and users the opportunity to access the portal while on-the-go.