{"id":24774,"date":"2024-06-27T09:10:07","date_gmt":"2024-06-27T17:10:07","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/06\/27\/news-18504\/"},"modified":"2024-06-27T09:10:07","modified_gmt":"2024-06-27T17:10:07","slug":"news-18504","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/06\/27\/news-18504\/","title":{"rendered":"Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more"},"content":{"rendered":"\n

A company that helps to authenticate users for big brands had a set of administration credentials exposed online<\/a> for over a year, potentially allowing access to user identity documents such as driving licenses.<\/p>\n

As more and more legislation emerges requiring websites and platforms\u2014like gambling services, social networks, and porn sites\u2014to verify their users’ age, the requirement for authentication companies offering that service rises.<\/p>\n

You may never have heard of the Israeli based authentication company, AU10TIX, but you will certainly recognize some of its major customers, like Uber, TikTok, X, Fiverr, Coinbase, LinkedIn, and Saxo Bank.<\/p>\n

\"Au10tix<\/figure>\n

AU10TIX checks users’ identities via the upload of a photo of an official document. <\/p>\n

A researcher found that AU10TIX had left the credentials exposed, providing 404 Media with screenshots and data to demonstrate their findings. The credentials led to a logging platform containing data about people that had uploaded documents to prove their identity.<\/p>\n

Whoever accessed the platform could peruse information about those people, including name, date of birth, nationality, identification number, and the type of uploaded document such as a drivers\u2019 license, linking to an image of the identity document itself.<\/p>\n

Research showed that the likely source of the credentials was an infostealer on a computer of a Network Operations Center Manager at AU10TIX.<\/p>\n

Stolen credentials have shown to be a major source of breaches like those recently associated with Snowflake<\/a>. Snowflake pointed to research which found that one cybercriminal obtained access to multiple organizations\u2019 Snowflake customer instances using stolen customer credentials.<\/p>\n

Another major problem is that these sets of credentials get traded and sold all the time. And it\u2019s not as if when you sold them once, that\u2019s it. Digital information can be copied and combined endlessly, leading to huge data sets that criminals can use as they see fit.<\/p>\n

We’ve talked about the dangers of data brokers<\/a> in the past. The California Privacy Protection Agency (CPPA) defines data brokers as businesses that consumers don\u2019t directly interact with, but that buy and sell information about consumers from and to other businesses. There are around 480 data brokers registered with the CPPA. However, that might be just the tip of the iceberg, because there are a host of smaller players active that try to keep a low profile.<\/p>\n

Either way, for any company and particularly an authentication company working with sensitive data, having such an account accessible with just login credentials should be grounds for serious penalties.<\/p>\n

In a statement given to 404 Media, AU10TIX said it was no longer using the system and had no evidence the data had been used:<\/p>\n

\n

\u201cWhile PII data was potentially accessible, based on our current findings, we see no evidence that such data has been exploited. Our customers’ security is of the utmost importance, and they have been notified.\u201d<\/p>\n<\/blockquote>\n

For now, there’s not much that individual users of the brands can do apart from keep an eye out for any official statements, and consider an ongoing identity monitoring solution<\/a>. Below are some general tips on what to do if your data has been part of a data breach:<\/p>\n

Protecting yourself after a data breach<\/h2>\n

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach<\/a>.<\/p>\n