AU10TIX, an Israel-based identity verification company serving major tech platforms like TikTok and Uber, recently faced a significant security breach. Administrative credentials were left exposed online for over a year, potentially granting unauthorized access to sensitive user information including facial images and driver’s licenses used for verification. This lapse allowed access to a logging platform containing links to identity documents and verification results, posing risks of identity theft with compromised data such as names, dates of birth, and nationalities.
The exposed credentials were reportedly collected by malware in late 2022 and later shared on Telegram in 2023, highlighting security vulnerabilities exploited by cybercriminals. While AU10TIX has decommissioned the compromised system and claims no evidence of data exploitation, concerns remain over the impact on user privacy. This incident underscores the critical importance of robust security practices, particularly as online platforms increasingly rely on identity verification for user access.
Mossab Hussein, a cybersecurity expert who discovered the exposed credentials, criticized AU10TIX for inadequate security measures to safeguard user identities and confidential documents. Despite transitioning to a new operating system with enhanced security measures and informing affected customers, some partners like Upwork had already switched to alternative verification providers prior to the breach. Others, such as Fiverr and Coinbase, were reportedly unaware of any data exposure but continue their collaborations with AU10TIX amid ongoing security improvements and heightened vigilance in data protection practices.
