Israel-based authentication company AU10TIX, which verifies the identities of TikTok, Uber, X, Fiverr, PayPal, Coinbase, LinkedIn, UpWork, Bumble, and Saxo Bank users, leaked driving licenses and other official user documents online, according to a 404 Media report. A set of administrative credentials was exposed online for over a year.
AU10TIX sometimes processes and stores images of users’ faces and driver’s licenses. A researcher found that the ID verification service left exposed credentials that led to a logging platform containing details about people’s uploaded documents, including name, date of birth, nationality, identification number, document type, and images of identity documents.
The report said research showed the credentials likely came from an infostealer on an AU10TIX Network Operations Center Manager computer. The authentication service said it was no longer using the system and that, even though PII was potentially accessible, it had no evidence the data had been exploited. It is not yet known which of its customers’ users have had their PII exposed.
The Israeli company offers full-service identity verification solutions that include checking people’s ID documents, using a real-time video stream with the user for “liveness detection,” and predicting how old someone is based on their uploaded picture for age verification.
Lately, more social networks and adult sites have moved towards an identity or age verification approach that requires users to upload ID documents to gain access. The latest news comes from popular explicit content service Pornhub, which blocked a few new U.S. states over privacy concerns about new legislation that requires ID verification to access adult websites.