Credit Karma bug exposes account info to other users

Customers of the credit monitoring service could see other users' credit scores.

Abrar Al-Heeti Video producer / CNET
Abrar Al-Heeti is a video host and producer for CNET, with an interest in internet trends, entertainment, pop culture and digital accessibility. Before joining the video team, she was a writer for CNET's culture team. She graduated with bachelor's and master's degrees in journalism from the University of Illinois at Urbana-Champaign. Though Illinois is home, she now loves San Francisco -- steep inclines and all.
Expertise Abrar has spent her career at CNET breaking down the latest trends on TikTok, Twitter and Instagram, while also reporting on diversity and inclusion initiatives in Hollywood and Silicon Valley. Credentials
  • Named a Tech Media Trailblazer by the Consumer Technology Association in 2019, a winner of SPJ NorCal's Excellence in Journalism Awards in 2022 and has three times been a finalist in the LA Press Club's National Arts & Entertainment Journalism Awards.
Abrar Al-Heeti
2 min read
Credit cards in leather wallet on wooden background

Credit Karma exposed people's account information to other users. 

Getty Images

Credit Karma users were able to see other people's account information thanks to a "technical issue," a company representative said Wednesday. After logging in, some users were shown other people's credit reports, including personal information such as names and addresses, TechCrunch earlier reported. 

Several users took to Reddit and Twitter to share their experiences of being shown someone else's information. 

Credit Karma is a site that monitors users' credit and lets customers check their credit scores for free. Users can also access credit scores from agencies like Equifax, which last month agreed to pay at least $575 million as part of a settlement over its 2017 data breach.

A Credit Karma representative said the technical issue, which affected less than 0.5% of its users, is believed to have been fixed. No Social Security numbers or individual account numbers were exposed, the representative added. 

A "very limited number of people" had access to other people's credit scores and credit factors, and the company is investigating around 1,000 to 2,000 instances where personal information may have been exposed. If that's the case, Credit Karma will notify affected users as soon as possible, the representative said. 

If anyone sees information that isn't theirs, Credit Karma asks that they reach out to the company immediately. 

"We take security very seriously, and we apologize for the issue and the concern this has caused our members," the representative said in a statement.

Spokeswoman Emily Donohue told TechCrunch there is "no evidence of a data breach." 

Watch this: Equifax breach: Find out if you can claim part of the $700 million

Originally published Aug. 14.
Update, Aug. 15: Adds comment from Credit Karma.