An anonymous person notified TechCrunch about the security lapse, saying that the website was exposing at least 100,000 documents from people who uploaded their passports and selfies to the website as part of the application process. The exposed data was secured overnight into Wednesday, hours after we published our initial story about the incident. Given the highly sensitive nature of the exposed data, TechCrunch revealed that there was an ongoing security issue, while withholding specific details to minimize any additional risk to individuals' private information. The security lapse is the latest example of companies publicly exposing their customers' sensitive government-issued identity documents in recent weeks, often caused by a misconfiguration rather than an outside cyberattack. The exposure of passports is especially problematic at a time when online identity checks are on the rise around the world, thanks to governments rolling out age-verification laws. The company's lack...
learn more
