Credit Karma bug exposes account info to other users
Customers of the credit monitoring service could see other users' credit scores.
Abrar Al-HeetiVideo producer / CNET
Abrar Al-Heeti is a video host and producer for CNET, with an interest in internet trends, entertainment, pop culture and digital accessibility. Before joining the video team, she was a writer for CNET's culture team. She graduated with bachelor's and master's degrees in journalism from the University of Illinois at Urbana-Champaign. Though Illinois is home, she now loves San Francisco -- steep inclines and all.
ExpertiseAbrar has spent her career at CNET breaking down the latest trends on TikTok, Twitter and Instagram, while also reporting on diversity and inclusion initiatives in Hollywood and Silicon Valley.Credentials
Named a Tech Media Trailblazer by the Consumer Technology Association in 2019, a winner of SPJ NorCal's Excellence in Journalism Awards in 2022 and has twice been a finalist in the LA Press Club's National Arts & Entertainment Journalism Awards.
Credit Karma users were able to see other people's account information thanks to a "technical issue," a company representative said Wednesday. After logging in, some users were shown other people's credit reports, including personal information such as names and addresses, TechCrunch earlier reported.
Several users took to Reddit and Twitter to share their experiences of being shown someone else's information.
A Credit Karma representative said the technical issue, which affected less than 0.5% of its users, is believed to have been fixed. No Social Security numbers or individual account numbers were exposed, the representative added.
A "very limited number of people" had access to other people's credit scores and credit factors, and the company is investigating around 1,000 to 2,000 instances where personal information may have been exposed. If that's the case, Credit Karma will notify affected users as soon as possible, the representative said.
If anyone sees information that isn't theirs, Credit Karma asks that they reach out to the company immediately.
"We take security very seriously, and we apologize for the issue and the concern this has caused our members," the representative said in a statement.
Spokeswoman Emily Donohue told TechCrunch there is "no evidence of a data breach."
Watch this: Equifax breach: Find out if you can claim part of the $700 million
Originally published Aug. 14. Update, Aug. 15: Adds comment from Credit Karma.