The World Baseball Softball Confederation (WBSC) inadvertently exposed approximately 48,000 files, including sensitive passport data, due to a misconfigured Amazon Web Services (AWS) bucket, as discovered by the Cybernews research team.
This incident occurred on June 5th and raised significant concerns about identity theft and fraud risks. Among the exposed files were copies of 4,600 national passports, which contain personal information like full names, date of birth, and unique passport numbers.
As a result, cybercriminals could potentially exploit this data for impersonation, fraudulent activities, and even spear phishing attacks. The WBSC closed the misconfigured AWS bucket after being notified by the research team.
Passport data is a highly critical form of identification, and its exposure puts individuals at risk of identity theft. Cybercriminals could use the stolen information to engage in fraudulent activities such as opening bank accounts, applying for loans, and executing various types of fraud.
Additionally, malicious actors could create counterfeit passports for travel purposes, further compromising individuals’ identities. Stolen passport details can be sold on dark web forums, escalating the risk of identity theft and misuse. The exposure of this sensitive data highlights the importance of securing data repositories to prevent such incidents and safeguard personal information.