An Israeli-based authentication company, AU10TIX, which serves high-profile clients such as Uber, TikTok, X (formerly Twitter), Fiverr, Coinbase, LinkedIn, and Saxo Bank, has inadvertently exposed a set of administration credentials online for over a year. This security lapse potentially allowed unauthorized access to sensitive user identity documents, including driving licenses.
The Growing Importance of User Authentication
As legislation increasingly requires websites and platforms—particularly gambling services, social networks, and adult content sites—to verify users’ ages, the demand for authentication services has risen significantly. AU10TIX specializes in verifying user identities through the upload of official document photos.
Details of the Data Leak
A researcher discovered the exposed credentials and provided evidence to 404 Media. The compromised credentials granted access to a logging platform containing data about individuals who had uploaded documents to prove their identity. This information included:
- Names
- Dates of birth
- Nationalities
- Identification numbers
- Types of uploaded documents (e.g., driver’s licenses)
- Links to images of the identity documents
Potential Source of the Breach
Investigations suggest that the likely source of the credential leak was an infostealer infecting a computer belonging to a Network Operations Center Manager at AU10TIX. This incident highlights the ongoing threat of stolen credentials, which have been implicated in recent high-profile breaches, such as those affecting Snowflake.
The Broader Implications of Data Breaches
The AU10TIX incident underscores several critical issues in cybersecurity:
- The persistent threat of stolen credentials
- The potential for breached data to be traded and sold multiple times
- The role of data brokers in the information ecosystem
The California Privacy Protection Agency (CPPA) defines data brokers as businesses that indirectly buy and sell consumer information. With approximately 480 registered data brokers—and potentially many more operating under the radar—the scale of data trading is significant.
AU10TIX’s Response
In a statement to 404 Media, AU10TIX acknowledged the incident:
“While PII data was potentially accessible, based on our current findings, we see no evidence that such data has been exploited. Our customers’ security is of the utmost importance, and they have been notified.”
The company also stated that it is no longer using the compromised system.
Protecting Yourself After a Data Breach
While users of affected brands await official statements, there are general steps individuals can take to protect themselves in the aftermath of a data breach:
- Follow vendor-specific advice
- Change passwords, using strong, unique combinations
- Enable two-factor authentication (2FA), preferably using FIDO2-compliant hardware
- Be cautious of phishing attempts impersonating the vendor
- Avoid storing payment card details on websites
- Consider setting up identity monitoring services