Connect with us

Hi, what are you looking for?

News

AU10TIX Exposes Admin Credentials, Potentially Compromising Client Data for Over a Year

AU10TIX Exposes Admin Credentials, Potentially Compromising Client Data for Over a Year
AU10TIX Exposes Admin Credentials, Potentially Compromising Client Data for Over a Year

AU10TIX, an Israeli company that verifies IDs for clients like TikTok, X, and Uber, accidentally left important admin credentials exposed for over a year. This company uses photos of faces and driver’s licenses to verify identities, which could have been accessed by hackers. Mossab Hussein from the cybersecurity firm spiderSilk discovered this exposure and criticized AU10TIX for not protecting people’s sensitive information properly.

The exposed credentials gave access to a platform with links to identity documents. There is evidence that hackers may have found and used these credentials. They were likely stolen by malware in December 2022 and appeared on Telegram in March 2023. 404 Media found many passwords and tokens linked to an AU10TIX manager.

AU10TIX Exposes Admin Credentials, Potentially Compromising Client Data for Over a Year

AU10TIX Exposes Admin Credentials, Potentially Compromising Client Data for Over a Year

If hackers accessed this data, it could include names, birthdates, nationalities, ID numbers, and document images, which is enough for identity theft. Hackers could use this information to cause serious harm by logging in and misusing the data.

AU10TIX admitted the mistake but said there’s no evidence the data was exploited. They have notified affected customers and are upgrading to a more secure system. Some clients, like Upwork, had already switched providers before this breach was known. Others, like Fiverr and Coinbase, said they aren’t aware of any data exposure but still work with AU10TIX. X started using AU10TIX in September for verifying premium users.

This incident is part of a larger trend where hackers steal customer data and sell it on platforms like Telegram and the dark web. Other organizations, including AT&T, LoanDepot, and the US Department of Defense, have faced similar issues, highlighting the need for stronger cybersecurity measures to protect sensitive information.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Tech

Amazon Web Services (AWS) recently unveiled several innovations aimed at enhancing the development and deployment of generative AI applications, addressing concerns around accuracy and...

Cars

At vero eos et accusamus et iusto odio dignissimos ducimus qui blanditiis praesentium voluptatum deleniti atque corrupti quos.

Tech

At vero eos et accusamus et iusto odio dignissimos ducimus qui blanditiis praesentium voluptatum deleniti atque corrupti quos.

Cars

Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum.