A security mishap left Remine wide open to hackers
Security is all too often focused on keeping hackers out and breaches at bay. But in the case of Remine, a real estate intelligence startup, it left its doors wide open for anyone to run rampant.
Remine is a little-known but major player in the real estate analytics and intelligence market. It works by collecting and mining vast amounts of real estate data — from public listings to privately obtained data from brokers and real estate agents from across the United States. The company, which last year raised $30 million in its Series A to help expand its real estate data and intelligence platform, claims it has data “on 150 million properties across all 50 states.”
But that data was only a few clicks away from being easily accessible, thanks to a misconfigured system.
The misconfiguration was found in Remine’s development environment, which although protected by a password, let anyone outside the company register an account to log in.
Thinking it was a secure space, Remine’s developers shared private keys, secrets and other passwords, which if exploited by a malicious hacker would have allowed access to the company’s Amazon Web Services storage servers, databases and also the company’s private Slack workspace.
Mossab Hussein, a security researcher at Dubai-based cybersecurity firm SpiderSilk, found the exposed system and reported the findings to TechCruch so we could inform the company of the security lapse.
The exposed private keys, he said, allowed for full access to the company’s storage servers, containing more than a decade’s worth of documents — including title deeds, rent agreements and addresses of customers or sellers, he said.
One of the documents seen by TechCrunch showed personal information, including names, home addresses and other personally identifiable information belonging to a rental tenant.
After TechCrunch reached out, Remine co-founder and chief operating officer Jonathan Spinetto confirmed the security lapse and that its private keys and secrets have been replaced. Spinetto also said it has notified customers with a letter, seen by TechCrunch. And, the company has retained cybersecurity firm Crypsis to handle the investigation, and that the company will “assess and comply” with applicable data breach notification laws based on the findings of the investigation.
Remine escaped bruised rather than breached, a lesson to all companies, large and small, that even the smallest bug can be enough to wreak havoc.
Read more:
Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849.
Security is all too often focused on keeping hackers out and breaches at bay. But in the case of Remine, a real estate intelligence startup, it left its doors wide open for anyone to run rampant. Remine is a little-known but major player in the real estate analytics and intelligence…
Recent Posts
- 7 new movies and TV shows to stream on Netflix, Prime Video, Max, and more this weekend (April 19)
- The Verge’s 2024 Mother’s Day gift guide
- Trek Fetch+ 2 Review: A Solid, Though Expensive, Cargo Ebike
- Automate your vacuuming and mopping with $400 off the Roomba Combo J9+
- Google Chat will now play nice with all your other work messaging platforms
Archives
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011