An ID verification service for TikTok, Uber and X reportedly left its credentials open for a year

News
By published

Hackers had easy access to user's driver's license info and photos

Shadowed hands on a digital background reaching for a login prompt.
Image Credit: Shutterstock (Image credit: Shutterstock)

Identity verification company AU10TIX kept a set of admin credentials exposed for more than a year, possibly allowing threat actors to steal its customers’ sensitive data.

AU10TIX verifies user identities on behalf of its clients, which include, among others, TikTok, X, and Uber, via selfie pictures and scans of people’s driver’s licenses. 

Cybersecurity researchers from spiderSilk were the first (among white hat researchers) to stumble upon the credentials. They claim that the login information grants access to a logging platform, where access to the identity documents is unabated. 

Stolen credentials

“My personal reading of this situation is that an ID Verification service provider was entrusted with people's identities and it failed to implement simple measures to protect people's identities and sensitive ID documents,” said Mossab Hussein, the chief security officer at spiderSilk. 

Unfortunately, it seems that malicious players beat spiderSilk to the punch, as account information was probably picked up by a piece of malware in December 2022, and shared via Telegram in March 2023. 

If someone did access this database (which AU10TIX claims was not abused in the wild), they would have gotten access to people’s names, birth dates, nationalities, ID numbers, and images of their faces. This is more than enough to run successful identity theft of phishing attacks. Such data is also quite expensive on the black market, too.

AU10TIX said it notified the affected customers and that it is replacing the current operating system with a new one, with more focus on security. 

It signed X as a client in September 2023, when we reported that the company had a clean rap sheet, without any public data breaches. As such, it was seen as a good choice for the social media behemoth. We did, however, said we’d remain skeptical given Musk’s controversial decisions in the past, and we were most definitely right.

Via 404 Media

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
A top online gift card store may have exposed private data on hundreds of thousands of users
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
Dark Web cybercriminals are buying up ID to bypass KYC methods
Security padlock and circuit board to protect data
Mexican fintech company Miio exposed millions of files of sensitive customer data
Security padlock and circuit board to protect data
Foh&Boh data leak leaves millions of CVs exposed - KFS, Taco Bell, Nordstrom applicants at risk
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
This widely-used instant loan app leaks nearly 30 million files of user data
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
Zotac Gaming RTX 5090 Graphics Card
Nvidia Blackwell stock woes are compounded by price hikes as more RTX 5090 GPUs soar in pricing, and I’m sick and tired of it all at this point
A collage of Elizabeth Olsen's Scarlet Witch and Tatiana Maslany's She-Hulk
Marvel fans are already tired of Doomsday and Secret Wars cast gossip as two more superheroes get linked with roles in the next two Avengers movies
More about security
cybersecurity

Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak

A major Keenetic router data leak could put a million households at risk
Apple WWDC 2025 announced

Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
See more latest
Most Popular
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Sony WF-C710N in blue glass on beige background
Sony WF-C710 earbuds land, and I think they'll be the 2025 budget buds to beat
The RIG M2 Streamstar attached to a boom arm.
The RIG M2 Streamstar has the world's first Bluetooth audio gateway in a wired gaming microphone
Four operators survey Verdansk. One holds a sniper rifle, one binoculars, another holds is landing with their parachute, while the last wears a skull mask
New Call of Duty: Warzone trailer shows a beautiful rebuilt Verdansk, but some fans want more: 'it won't be the same unfortunately'
Data leak
A major Keenetic router data leak could put a million households at risk
A collage of Elizabeth Olsen's Scarlet Witch and Tatiana Maslany's She-Hulk
Marvel fans are already tired of Doomsday and Secret Wars cast gossip as two more superheroes get linked with roles in the next two Avengers movies