Close Menu
    Login
    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org
    • Home
    • Technology
    • Daily Tech
      • Science and Technology
    • Gadgets
    • Gaming
    • Space Exploration
    • Scope
    • Tech News
    Facebook X (Twitter) Instagram Pinterest YouTube WhatsApp
    Facebook X (Twitter) Instagram
    NewTechManiaNewTechMania
    Login
    • Home
    • Blog
    • Gadgets
      • Gaming
    • Technology
      • Science
    • Automobile
    • Exploration
    • Scope
    • Tech News
    NewTechManiaNewTechMania
    Daily Tech

    An ID verification service that works with TikTok and X left its credentials wide open for a year – technology

    By Skypeak Limits27 June 2024No Comments4 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    5ce18540 33dc 11ef bfde 8bf611449a1a
    5ce18540 33dc 11ef bfde 8bf611449a1a
    Share
    Facebook Twitter LinkedIn Pinterest Email

    This indicates that hackers may have gained access to sensitive data, such as driver’s licenses, according to the information.

    As revealed by 404 Media, an ID verification organization that works on behalf of a number of companies, including TikTok, X, and Uber, among others, has left a set of administrator credentials exposed for more than a year. The AU10TIX platform, which is situated in Israel, confirms the identities of users by using photographs of their faces and driver’s licenses. This might possibly expose both of these documents to hackers.

    Mossab Hussein, the chief security officer at the cybersecurity company spiderSilk, who was the first person to notice the exposed credentials, described the situation as follows: “My personal reading of this situation is that an ID Verification service provider was entrusted with people’s identities and it failed to implement simple measures to protect people’s identities and sensitive ID documents.”

    🔍🕸️ The latest discovery by spiderSilk covering an incident affecting AU10TIX.

    Thanks @josephfcox for covering this. https://t.co/hoiV95B6XT

    — Mossab Hussein (@mossab_hussein) June 26, 2024

    A logging platform, which in turn featured linkages to identification papers, was directly accessible through the unprotected set of administrative credentials that were left open. In addition, there is a reasonable basis for the suspicion that dishonest individuals obtained these credentials and then used them in some way.

    According to timestamps and messages that were obtained by 404 Media, it appears that malware was responsible for their acquisition in December 2022, and that they were then uploaded to a Telegram channel in March 2023 respectively. The news outlet obtained the credentials and discovered a large number of passwords and login tokens that were associated with a person who describes their position on LinkedIn as that of a Network Operations Center Manager at AU10TIX.

    If hackers were to obtain customer data, the information that they would obtain would comprise a user’s name, date of birth, country, identification number, and photographs of documents that were uploaded. Idiots on the internet would need very little more than this to successfully steal someone’s identity. The only thing they would need to do is steal the credentials, log in, and then begin causing havoc on the system. Oh my goodness.

    According to a statement that was released by AU10TIX regarding the subject, the company stated that the “data was potentially accessible” but that it does not see “no evidence that such data has been exploited.” The business has stated that it has informed customers who have been affected by the issue, and that it is in the process of decommissioning the existing operating system in favor of a new one that places a greater emphasis on security.

    One or more of its partners had already switched verification companies prior to the appearance of this problem. Upwork has “been working with a different service provider for some time now,” according to this statement made by a spokeswoman for the company. On the other hand, X just recently signed up with AU10TIX in September, and it employs government-issued identification cards in order to validate premium users. Despite the fact that they continue to collaborate with AU10TIX, other companies, such as Fiverr and Coinbase, have stated that they are not aware of any data leakage.

    As a means of carrying out their activities, hackers are increasingly turning to the practice of dumping consumer data on Telegram or on the dark web. In the latter part of March, more than 73 million passwords belonging to AT&T were discovered on the dark web. In the same year, LoanDepot and the United States Department of Defense both encountered a problem that was comparable.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleForza Horizon 4 will leave Game Pass and digital shops in December – technology
    Next Article Meta ‘error’ broke Threads and Instagram political content filter – technology

    Related Posts

    Sam Altman Says Mission Driven AI Talent Will Outperform Meta’s

    Skypeaklimits 2024: Your Digital Success Elevate Your Presence

    OpenAI partners with Palmer Luckey’s Anduril to build military AI

    MS assures Windows 11 TPM security requirement won’t change

    Add A Comment

    Comments are closed.

    NewTechMania Logo

    About Us
    Embark on a tech adventure with NewTechMania. From the latest gadgets to emerging technologies, join us in exploring the possibilities that lie ahead.

    Catergories
    • Home
    • Technology
    • Daily Tech
      • Science and Technology
    • Gadgets
    • Gaming
    • Space Exploration
    • Scope
    • Tech News
    Useful Links
    • Home
    • About Us
    • Contact Us
    • Get In Touch
    Facebook X (Twitter) Instagram Pinterest
    • Privacy
    • Cookie
    • Disclaimer
    • Terms
    • DMCA
    • About
    • Contact
    © 2025 NewTechMania. All RightS Reserved.

    Type above and press Enter to search. Press Esc to cancel.

    Sign In or Register

    Welcome Back!

    Login to your account below.

    Lost password?