(Bloomberg) -- First American Financial Corp. fixed a weakness on its website that “appears to have exposed” more than 885 million records related to mortgage deals going back to 2003, KrebsOnSecurity security researcher Brian Krebs tweeted.

Digitized records that included bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images were available without authentication to anyone with a web browser, KrebsOnSecurity said in report on website.

The security researcher said it notified First American this week after it was contacted by a real estate developer in Washington state who found the vulnerability. KrebsOnSecurity said it did not have any information on whether any fraudsters knew about the leak or if any documents had been mass-harvested.

Krebs earlier on Friday suggested the leak was “truly massive.” The company’s shares fell 2.2% in post-market trading.

First American didn’t comment on the overall number of records potentially exposed or how long those records were publicly available, KrebsOnSecurity said.

“The company took immediate action to address the situation and shut down external access to the application,” a spokesperson told the the researcher. “We are currently evaluating what effect, if any, this had on the security of customer information.”

To contact the reporter on this story: Nathan Crooks in Miami at ncrooks@bloomberg.net

To contact the editor responsible for this story: Sebastian Tong at stong41@bloomberg.net

©2019 Bloomberg L.P.