700Credit API ID validation security flaw
Vulnerability
Summary
Hide ▲
Show ▼
A 700Credit integration API flaw let an attacker copy consumer records, creating unauthorized-access risk for dealership-client data. The weakness was a failure to validate consumer reference IDs against the original requester, and the exposed API was later terminated. Because the flaw enabled data exfiltration, the risk centered on sensitive personal information rather than a generic outage.
Related Happenings
700Credit 700Dealer.com customer records leak
Data Leak
First: 16.12.2025 12:15
Last: 16.12.2025 12:15
Sources 1
About this happening:
The **700Credit** data leak exposed **5.8 million end customers** after records in the **700Dealer.com** application were copied without authorization. The exposed PII included **...
700Credit 700Dealer.com customer records leak
Data LeakAbout this happening: The **700Credit** data leak exposed **5.8 million end customers** after records in the **700Dealer.com** application were copied without authorization. The exposed PII included **...
700Credit hit by cyberattack
Incident
First: 15.12.2025 11:21
Last: 15.12.2025 11:21
Sources 1
How related:
"The investigation determined that certain records in the web application relating to customers of its dealership clients were copied without authorization," 700Credit says in the notification to affected individuals.
About this happening:
**700Credit** disclosed a **breach** involving a **compromised third-party API** tied to its web application, affecting **5,836,521 individuals**. Attackers reportedly reached the...
700Credit hit by cyberattack
IncidentHow related: "The investigation determined that certain records in the web application relating to customers of its dealership clients were copied without authorization," 700Credit says in the notification to affected individuals.
About this happening: **700Credit** disclosed a **breach** involving a **compromised third-party API** tied to its web application, affecting **5,836,521 individuals**. Attackers reportedly reached the...
700Credit customer records leak through compromised third-party API
Data Leak
First: 15.12.2025 11:21
Last: 15.12.2025 11:21
Sources 1
About this happening:
700Credit disclosed a **data leak** that exposed personal information from dealership-client records and affected **5,836,521 individuals**, creating identity-theft risk. The expo...
700Credit customer records leak through compromised third-party API
Data LeakAbout this happening: 700Credit disclosed a **data leak** that exposed personal information from dealership-client records and affected **5,836,521 individuals**, creating identity-theft risk. The expo...
Timeline
-
15.12.2025 18:49 1 articles · 5mo ago
700Credit detects suspicious API activity
Detection Ioc Update700Credit noticed suspicious activity on its systems on October 25, launched an investigation with third-party computer forensic specialists, and determined that certain records in the web application for customers of its dealership clients were copied without authorization after an exposed customer-information API was abused.
Show sources
- 700Credit data breach impacts 5.8 million vehicle dealership customers — www.bleepingcomputer.com — 15.12.2025 18:49
-
15.12.2025 18:49 2 articles · 5mo ago
700Credit begins notifying affected people
Initial Disclosure700Credit begins notifying more than 5.8 million people that their personal information was exposed, files breach notifications with the FTC on its own behalf and for affected dealer clients, informs the National Automobile Dealers Association, and offers 12 months of identity protection and credit monitoring through TransUnion.
Show sources
- 700Credit data breach impacts 5.8 million vehicle dealership customers — www.bleepingcomputer.com — 15.12.2025 18:49
- 700Credit data breach impacts 5.8 million vehicle dealership customers — www.bleepingcomputer.com — 15.12.2025 18:49