June 27 (Portaltic/EP) –
A cybersecurity firm that manages the social platform identity verification such as TikTok, X, LinkedIn and Coinbase, has had administrative credentials that allowed access to sensitive data, including identity documents, exposed for a year.
AU10TIX is a company of Israeli origin that offers real-time identity verification solutions, a product that has seen demand grow in recent years with the efforts of digital platforms to ensure the identity and age of their users.
As reported in 404Mediumthis company has had a set of administrative credentials were exposed for more than a year that allowed you to log in to a platform that included links to identity documents, such as a driver’s license, that were used for the verification process.
Threat actors are suspected of having used these credentials and accessed sensitive data, such as name, date of birth, photograph, nationality and identification number, According to documents obtained by the aforementioned media, which include: Engadget. The credentials would have been obtained with malware in December 2022 and later shared on a Telegram channel in March 2023.
AU10TIX has acknowledged in a statement that the data was potentially accessible, but has denied that it has been used by malicious actors. It has also reported that they are changing the operating system and that they have notified those affected of what happened.
Between the Clients, current and former, there are digital services such as TikTok, X, Uber, LinkedIn, PayPal and Coinbase. Some of them stopped using this provider’s solutions before the security breach occurred, according to 404Media.
Add Comment