First American Financial Corporation left as many as 885 million real estate documents dating as far back as 2003 exposed.
The company, one of the largest real estate title insurance firms in the US, has already fixed the vulnerability as of Friday afternoon after the security researcher notified it of the flaw.
Before the patch rolled out, however, anybody armed with a link to one of the documents hosted on its website could simply change a single digit in the URL to access somebody else's files. The documents didn't require a password or any kind of authentication.
Due to the nature of its business, those files include a variety of sensitive information, including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts and drivers license images.