AU10TIX’s lapse in securing its admin login could cost users their identity.
AU10TIX, an identity verification company, left its users’ personal information exposed after it failed to secure the login credentials of an admin account. According to reports, the identity verification service failed to protect the admin account’s login details for over 18 months, allowing anyone who noticed the lapse to access the user data available through the account. The identity verification service has exposed users of Coinbase, PayPal, Upwork, LinkedIn, TikTok, Fiverr, and other prominent platforms that have made use of the tools provided by the organization. Identity theft protection is a serious responsibility especially for companies that collect and store sensitive user data, even briefly.
No signs of identity theft have been reported so far but users who have verified their accounts on any of these platforms should review their account activity and treat the situation with utmost seriousness.
AU10TIX’s Identity Verification Platform Left Admin Credentials Exposed for Over a Year
The public data breach reported at AU10TIX is not recent. The problem began in December 2022, when the admin account information was assumed to have been accessed by malware. The details of the account were then shared via Telegram among hacker communities in March 2023, which tells us that the credentials have been exchanged by a few hands at least. The identity verification services had assumed they had secured the information but this was not the case.
For over 18 months, the admin account remained exposed, which meant that the user data from the various platforms subscribed to the service had been exposed. The information was brought to light by cybersecurity researchers at spiderSilk who exposed the story to 404 Media. Public data breaches can be very damaging as they have the potential to reveal a significant amount of personal information about the users—information that can be misused quite easily.
AU10TIX’s identity verification service works by asking users to verify who they are by taking a selfie and pinning it against a government ID such as a driver’s license to confirm they are the real deal. Not only would the failure of the identity protection service mean that the user names and images have been exposed, but the presence of a government ID along with birth dates, ID numbers, and the user’s image may have easily been used for criminal activity or fiscally risky tasks like taking out a fake loan.
Verified accounts are seen as more legitimate and reliable on any platform and users are encouraged to prove their identity to bolster their presence on these different platforms. This is why AU10TIX’s identity verification services are able to find interested clients who want a safe way to certify their user accounts. Now, the possibility of identity theft is something all the individuals who have used the service need to be wary about.
Public Data Breaches Are Growing More Common
Coinbase, one of the companies linked to the AU10TIX case of stolen data, has denied any issues of data exposure so far. A Coinbase representative told Cointelegraph that the company was currently monitoring the situation and it hadn’t found anything of concern so far. Other platforms that use the identity verification service have not made any public statements about threats to their user data either. X/Twitter, a recent partner of the company, had signed on to the platform when none of this information was known, but they may be more uncertain about the partnership depending on how the situation evolves.
The AU10TIX identity verification service breach is an example of a very simplistic violation of trust between users and customers, but phishing attacks and security breaches are growing more common. AT&T experienced a security breach a few months ago where the Social Security details of 7.6 million current account holders and 65.4 million former accounts were leaked. BBC also reported a data breach that exposed the employee records of over 25,000 employees.
These vulnerabilities are leaving more and more individuals at risk of identity theft, which is a serious cause for concern. Action should be taken immediately to protect personal accounts and users should regularly monitor their credit statements for any signs of unusual activity. Switching to a reliable identity theft protection service is also recommended, even if such incidents do evoke some apprehension.
For now, the ID verification platform AU10TIX has denied that the exposed data has been exploited or misused in any way, with “no malicious activity and no data leakage” detected from their systems. They claim that the credentials have been removed completely and can no longer be used to access user information.