A threat actor has released a large database on a popular hacking forum that allegedly came from LendingTree.com. We have analyzed the data and confirmed that it includes extensive private information from 200,643 loan applications that appear to have been submitted through LendingTree’s website. All data appears to be legitimate based on our analysis.
LendingTree is a large, publicly-traded online platform for generating mortgage leads. By going on the LendingTree website, you can complete loan applications and surveys, and then assess different lending options based on your criteria.
LendingTree takes data that customers enter into its website and provides people with lending and mortgage options. From LendingTree’s website:
We help you get your best deal possible on your loans, period. By giving consumers multiple offers from several lenders in a matter of minutes, we make comparison shopping easy. And we all know-when lenders compete for your business, you win!
Unfortunately, however, it appears a massive amount of information that people have entered into LendingTree’s website in 2021 is now being traded on hacker forums.
Earlier this month, two different threat actors posted the database allegedly breached from LendingTree.com. In the most recent post, dated June 18, 2022, the threat actor decided to post the LendingTree database for free. This appears to be based on a disagreement with another user who was attempting to sell the same database.
Either way, the LendingTree database is currently available for anyone to download and view if you have the URL for access from