The exposure indicates that hackers may have gained access to sensitive data, such as driver’s licenses, according to the available information.
As revealed by 404 Media, an ID verification company that works on behalf of a number of companies, including TikTok, X, and Uber, left a set of administrator credentials exposed for more than a year. The AU10TIX platform, which is based in Israel, confirms the identities of users by using photographs of their faces and driver’s licenses, so the exposure could potentially have put both within reach of hackers.
Mossab Hussein, the chief security officer at the cybersecurity company spiderSilk, who was the first person to notice the exposed credentials, described the situation as follows: “My personal reading of this situation is that an ID Verification service provider was entrusted with people’s identities and it failed to implement simple measures to protect people’s identities and sensitive ID documents.”
🔍🕸️ The latest discovery by spiderSilk covering an incident affecting AU10TIX.
Thanks @josephfcox for covering this. https://t.co/hoiV95B6XT
— Mossab Hussein (@mossab_hussein) June 26, 2024
The exposed administrative credentials gave direct access to a logging platform, which in turn contained links to identity documents. In addition, there is a reasonable basis to suspect that dishonest individuals obtained these credentials and then used them in some way.
According to timestamps and messages obtained by 404 Media, the credentials appear to have been harvested by malware in December 2022 and then uploaded to a Telegram channel in March 2023. The news outlet obtained the credentials and discovered a large number of passwords and login tokens associated with a person who describes their position on LinkedIn as Network Operations Center Manager at AU10TIX.
If hackers did obtain customer data, it would comprise a user’s name, date of birth, country, identification number, and photographs of the documents that were uploaded. Idiots on the internet would need very little more than this to successfully steal someone’s identity. All they would need to do is steal the credentials, log in, and begin causing havoc on the system. Oh my goodness.
In a statement on the matter, AU10TIX said that the “data was potentially accessible” but that it sees “no evidence that such data has been exploited.” The company said it has informed affected customers and is in the process of decommissioning the existing operating system in favor of a new one that places a greater emphasis on security.
One or more of its partners had already switched verification companies before this problem came to light. Upwork has “been working with a different service provider for some time now,” according to a spokeswoman for the company. X, on the other hand, signed up with AU10TIX only recently, in September, and uses government-issued identification cards to verify premium users. Other companies, such as Fiverr and Coinbase, continue to work with AU10TIX and have stated that they are not aware of any data leakage.
Hackers are increasingly dumping consumer data on Telegram or on the dark web. In late March, more than 73 million passwords belonging to AT&T were discovered on the dark web. In the same year, LoanDepot and the United States Department of Defense both encountered a comparable problem.