Users of credit monitoring site Credit Karma have complained that they were served other people’s account information when they logged in.
Many took to a Reddit thread and complained on Twitter about the apparent security lapse.
“First time logging in it gave me my information, but as soon as I refreshed the screen, it gave me someone else’s info,” said one Reddit user. “Refreshed again and bam! someone else’s info — it’s like roulette.” Another user said they logged in and out several times and each time they had “full access to a different random person’s credit file,” they said.
One user told TechCrunch that after they were served another person’s full credit report, they messaged the user on LinkedIn “to let him know his data was compromised.”
Another user told us this:
The reports are split into two sections: Credit Factors — things like number of accounts, inquiries, utilization; and Credit Reports — personal information like name, address, etc.. The Credit Reports section was my own information, but the Credit Factors section definitely wasn’t. It listed four credit card accounts (I have more like 20 on my report), a missed payment (I’m 100% on time with payments), a Honda auto loan (never had one with Honda), student loan financing (mine are paid off and too old to appear on my report), and cards with an issuer that I have no relationship with (Discover).
Several screenshots seen by TechCrunch show other people’s accounts, including details about their credit card accounts and their current balance.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
Another user who was affected said they could read another person’s Credit Factors — including derogatory credit marks — but that the Credit Report tab with that user’s personal information, like names and addresses, was blank.
One user said that the login page was pulled offline for a brief period. “We’ll be right back,” the login page read instead.
Credit Karma spokesperson Emily Donohue denied there was a data breach, but when asked would not say how many customers were affected.
“What our members experienced this morning was a technical malfunction that has now been fixed. There is no evidence of a data breach,” the statement said.
The company didn’t say for how long customers were experiencing issues.
Credit Karma offers customers free credit score monitoring and reports. The company allows users to check their scores against several major credit agencies, including Equifax, which last month was fined at least $575 million for a 2017 data breach.
FTC slaps Equifax with a fine of up to $700M for 2017 data breach
