DEV Community

CloudDefense.AI

Posted on • Originally published at clouddefense.ai

Major Identity Verification Firm AU10TIX Exposes User Data in Year-Long Security Lapse

In a significant security breach, AU10TIX, an Israeli firm known for verifying identities for platforms like TikTok, Uber, and X (formerly Twitter), left its administrative credentials exposed online for over a year. This oversight potentially compromised the personal information of millions of users, including facial images and driver's licenses.

AU10TIX Background

Founded in 2002 and headquartered in Hod HaSharon, Israel, AU10TIX specializes in various identity verification services, such as age verification, biometric verification, and deepfake detection. They operate behind the scenes for many popular apps and services.

The Breach Details

  • December 2022: Admin credentials were likely first compromised through malware.
  • March 2023: These credentials were found on a public Telegram channel.
  • June 2024: The credentials were still active when cybersecurity experts discovered them.

The exposed credentials allowed access to a logging platform that contained links to identity documents and verification results, including names, birth dates, nationalities, ID numbers, and document images. Cybersecurity firm spiderSilk, led by Chief Security Officer Mossab Hussein, identified this breach.

Response and Repercussions

Initially, AU10TIX downplayed the breach, claiming the credentials were promptly revoked. However, 404 Media revealed that the credentials were still functional, contradicting AU10TIX’s statement. The company later admitted that data was "potentially accessible" but claimed no evidence of exploitation.

Responses from companies using AU10TIX’s services varied:

  • Upwork: Distanced itself, stating they now use a different provider.
  • X (formerly Twitter): Recently partnered with AU10TIX and has remained relatively silent.
  • Fiverr and Coinbase: Claimed no awareness of data exposure but continued using AU10TIX.

Potential Consequences

Exposed data, including names, birth dates, and ID numbers, can lead to identity theft, financial fraud, and misuse of facial images. This breach underscores the risks associated with the increasing trend of apps and websites requiring identity verification.

Broader Implications

The AU10TIX breach highlights the vulnerabilities in handling sensitive information. With more platforms demanding stringent identity checks, the risk of data breaches increases. Notably, this incident is part of a series of similar breaches, emphasizing the need for improved security measures.

Preventability and Advanced Solutions

This breach was avoidable with basic security practices such as regular password rotation and multi-factor authentication. Additionally, advanced tools like cloud-native application protection platforms (CNAPPs), including CloudDefense.AI, can provide comprehensive security insights. These tools offer real-time data security posture management (DSPM), which helps identify and mitigate vulnerabilities effectively.

Final Thoughts

The AU10TIX incident serves as a wake-up call for companies handling personal data. Robust security measures are crucial to protect user information and prevent identity theft and fraud. Companies must adopt advanced security tools and proactive measures to safeguard data in today’s digital landscape.
