Identity Verification Service Exposes User’s Driver’s Licenses for X, TikTok, and Uber Users
A major security breach was recently uncovered involving a well-known identity verification company that works with big names like TikTok, Uber, and more. According to a report from 404 Media, sensitive user information, including images of American driver’s licenses, was left vulnerable due to exposed administrative login credentials.
Security Breach Revealed
AU10TIX, the company in question, offers identity verification services that require users to provide various personal data points, such as selfies and government-issued ID images. This information is crucial for confirming a user’s identity, but it can also pose a privacy risk if mishandled.
Company’s Response
After being alerted to the situation by a cybersecurity researcher, AU10TIX claimed that the incident occurred over 18 months ago and that employee credentials were promptly revoked. However, the security researcher contradicted this statement by revealing that the credentials were still active as of the current month. In response, AU10TIX stated that they were taking steps to dismantle the system associated with the compromised credentials.
The company reassured that although potentially sensitive data was accessible, there is no evidence to suggest that it was exploited. They emphasized the importance of customer security and confirmed that affected parties have been notified.
It’s worth noting that AU10TIX has collaborated with numerous other prominent platforms and brands, including PayPal, LinkedIn, Coinbase, and more.
