If there is one kind of company whose data one would dread seeing leaked or left vulnerable to hackers, it is an identity verification service. In this case the company is AU10TIX, which has access to photo ID documents like driver's licenses. The cybersecurity company AU10TIX's past or present clients include PayPal, Coinbase, X, TikTok, Uber, LinkedIn, Upwork, and Fiverr.
AU10TIX left a set of administrative credentials exposed for more than a year, as reported by 404 Media. The Israel-based AU10TIX verifies the identity of users by using pictures of their faces and driver's licenses, potentially opening up both to hackers.
AU10TIX’s identity verification theft
Identity verification company AU10TIX kept a set of admin credentials exposed for more than a year, possibly allowing threat actors to steal its customers’ sensitive data.
“My personal reading of this situation is that an ID Verification service provider was entrusted with people’s identities and it failed to implement simple measures to protect people’s identities and sensitive ID documents,” Mossab Hussein, the chief security officer at cybersecurity firm spiderSilk who originally noticed the exposed credentials, said.
The set of admin credentials that were left exposed by the ID verification service led right to a logging platform, which in turn included links to identity documents. There’s even some reason to suspect that bad actors got ahold of these credentials and actually used them.
AU10TIX’s identity theft
The credentials appear to have been scooped up by malware in December 2022 and placed on a Telegram channel in March 2023, according to timestamps and messages acquired by 404 Media. The news organization downloaded the credentials and found a wealth of passwords and authentication tokens linked to someone who lists their role on LinkedIn as a Network Operations Center Manager at AU10TIX.
What would phishing attacks include?
If someone did access this database, they would have gotten access to people's names, birth dates, nationalities, ID numbers, and images of their faces. This is more than enough to run successful identity theft or phishing attacks. Such data is also quite expensive on the black market.
AU10TIX has issued a statement on the matter, writing that the “data was potentially accessible” but that it sees “no evidence that such data has been exploited.” The company said that impacted customers have been notified and that it’s decommissioning the current operating system in favor of a new one that focuses more on security.
Identity theft protection
Some of its partners switched verification companies before this issue popped up. A spokesperson for Upwork said that it has “been working with a different service provider for some time now.”
X, though, signed up with AU10TIX just back in September, and it uses government-issued IDs to verify premium users. Others, like Fiverr and Coinbase, have said they aren't aware of any data exposure, though they still work with AU10TIX.
Dumping customer data on Telegram or on the dark web has become the most popular way for hackers to do their thing. Back in late March, over 73 million AT&T passwords were leaked onto the dark web. LoanDepot experienced a similar issue this year, as did the US Department of Defense.