A US-based company that allows people to apply for a copy of their birth certificates used an unprotected Amazon Web Services cache that anyone could access.
Recently, security researchers from a company known as Fidus Information Security discovered an unprotected cache containing birth certificate applications belonging to over 750,000 US citizens. The cache belongs to a US-based company that allows people to obtain a copy of their own birth certificates.
The applications were discovered on an Amazon Web Services cache, and they were left unprotected, without even a password guarding them. Fidus Information Security reveals that by simply entering the address of the cache, which was relatively easy to guess, anyone could have gained access to these applications and documents.
The findings were confirmed by TechCrunch, which published them in its own report. However, both TechCrunch and Fidus Information Security decided not to reveal the name of the negligent firm that owns the cache.
When it comes to the exposed information, it included various personal details such as the applicant’s name, address, email, phone number, as well as their date of birth. Apart from that, the information included numerous other details regarding the applicants, such as family members’ names, their previous address, and even their reason for wanting a copy of their birth certificates.
The reports claim that the exposed applications go back about two years, to 2017. An estimated 9,000 individual applications were added per day from the moment TechCrunch joined the investigation.
In addition, the cache also included 90,400 death certificates, although these were protected in a way that prevented TechCrunch from obtaining them.
All attempts to contact the company that owns the cache have failed up to this point, which led researchers to turn to Amazon. Amazon itself confirmed that it would report the issue to the firm.
This exposure once again confirms that awareness of online security remains rather low, even when it comes to companies dealing with sensitive data belonging to hundreds of thousands of users. This is far from being the largest data exposure in recent years, but it is still quite serious and more than worthy of addressing.