Large real estate tech vendor Lone Wolf Technologies‘ legacy software platform loadingDOCS had a security vulnerability that could have potentially exposed stored information to hackers, though there is no evidence that data was breached, a company spokesperson told Inman, citing an internal study.

“We did have a small security vulnerability on a product that’s called loadingDOCS, which our legacy document review solution,” said Kate Annis, Lone Wolf’s vice president of marketing. “There’s less than 50 customers on it. We eliminated the issue within hours of the discovery. There was no evidence that any data was breached.”

Lone Wolf is a real estate software company that says it supports over 10,000 real estate offices in the United States and boats more than 50 percent of the top 500 residential brokerages as clients – including at RE/MAX, where the software is offered as a perk, and the NRT companies (a subsidiary of Realogy).

LoadingDOCS is a product the company no longer sells on the market – it’s been replaced by TransactionDesk.

“It was greatly exaggerated how much the vulnerability could have been,” said Annis. “You would need client does and a whole bunch of information to even access the data, but no data was accessed at all. We did significant studies to show nothing was found at all to have had a data breach.”

Canadian real estate company eZmax posted the alert on SECLists.org, which said randomly changing the number at the end of Lone Wolf’s customer data URLs allowed anyone to remotely access multiple files from multiple customers.

“So anyone using a robot could download thousands of files containing sensitive information,” the email read. “(Brokerage contracts, trust account details, Fintrac details, etc). We don’t even need to be logged in the software as these URLs are public facing without any session or user validation.”

According to the alert, the issue was discovered by another company on August 3rd and Lone Wolf was notified first on August 17. They were notified again on September 5 and allegedly addressed the problem on September 6. Lone Wolf then allegedly disclosed the vulnerability on September 10.

A spokesperson for eZmax told Inman it notified Lone Wolf of the break, then followed protocol as required, reporting the breach to a security list.

Lone Wolf’s signature product is brokerWolf, a back-end office solution that provides transaction management, accounting, automated commissions and expenses and reports on membership and profitability, according to the company website.

In an email, a spokesperson from RE/MAX confirmed its approved suppliers program was not notified of any security issues.

Email Patrick Kearns

Update: Story was updated to add clarifying details about eZmax’s role in notifying the public of the security issue. 

Show Comments Hide Comments

Comments

Sign up for Inman’s Morning Headlines
What you need to know to start your day with all the latest industry developments
Success!
Thank you for subscribing to Morning Headlines.
Back to top
×
Log in
If you created your account with Google or Facebook
Don't have an account?
Forgot your password?
No Problem

Simply enter the email address you used to create your account and click "Reset Password". You will receive additional instructions via email.

Forgot your username? If so please contact customer support at (510) 658-9252

Password Reset Confirmation

Password Reset Instructions have been sent to

Subscribe to The Weekender
Get the week's leading headlines delivered straight to your inbox.
Top headlines from around the real estate industry. Breaking news as it happens.
15 stories covering tech, special reports, video and opinion.
Unique features from hacker profiles to portal watch and video interviews.
Unique features from hacker profiles to portal watch and video interviews.
It looks like you’re already a Select Member!
To subscribe to exclusive newsletters, visit your email preferences in the account settings.
Up-to-the-minute news and interviews in your inbox, ticket discounts for Inman events and more
1-Step CheckoutPay with a credit card
By continuing, you agree to Inman’s Terms of Use and Privacy Policy.

You will be charged . Your subscription will automatically renew for on . For more details on our payment terms and how to cancel, click here.

Interested in a group subscription?
Finish setting up your subscription