Authenticator for X, TikTok Exposes Personal User Info for 18 Months

June 27, 2024 at 04:34PM

Personal data and documents of users from popular apps have been exposed to cybercriminals by AU10TIX, a Tel Aviv-based identity verification company. The leaked data includes sensitive personal information such as names, birth dates, nationalities, and images of ID documents. AU10TIX initially claimed to have resolved the issue, but the credentials were still exposed online 18 months later. Solutions like tokenization and zero-knowledge proofs may minimize the need to store sensitive documents and personally identifiable information.

AU10TIX, a company specializing in identity verification, experienced a significant data breach. Personal data and sensitive documents belonging to users of popular apps were exposed online, including names, birth dates, nationalities, images of ID documents, proprietary data from the company’s verification technology, and credentials of a network operations center manager. These exposed credentials were ultimately posted to Telegram in March 2023.

AU10TIX initially claimed that the credentials were illegally accessed and promptly rescinded, but subsequent investigations showed that the credentials were still exposed online after 18 months. The company expressed intent to take down the exposed logging system and stated that affected customers were notified. However, there is concern about the potential exploitation of the leaked data.

The incident also highlights the growing dilemma faced by app users. They must provide sensitive information and documents to use popular apps, yet they have little control over how this data is processed and stored. The question arises: Is it possible to achieve app security without compromising personal security?

Jason Soroko, senior vice president of product at Sectigo, suggested several methods for verifying identities that minimize the need to store sensitive documents and personally identifiable information. Examples include tokenization, zero-knowledge proofs, and decentralized identity verification leveraging blockchain technology. These methods aim to enhance security and privacy but require careful implementation and ongoing management to avoid introducing new vulnerabilities.
