Skip to main content
  1. Home
  2. News

More than 750,000 U.S. birth certificate applications exposed online

By

Here’s another story of apparently sloppy practices by a company charged with looking after our personal data online.

According to TechCrunch, more than 750,000 U.S. birth certificate applications have been found exposed online in an Amazon Web Services (AWS) storage bucket, which is essentially a cloud-based storage solution.

Recommended Videos

The exposed data — held by a company that helps people obtain a copy of their birth certificates — reportedly has no password protection, and the web address where the applications are held is “easy to guess.”

The company is yet to respond to inquiries about the security blunder, and with the data apparently still exposed, TechCrunch has opted not to name the company in order to protect affected customers.

The cache was discovered by U.K.-based cybersecurity firm Fidus. The exposed forms show a range of information that includes the applicant’s name, date of birth, home address, email address, and phone number.

They also show historical information linked to applicants such as past addresses, names of family members, and the reason for the application, which could include anything from applying for a passport to researching family history.

It doesn’t appear that any payment or financial data is involved.

In its report, TechCrunch said the exposed applications date back to 2017. The cache is being updated on a daily basis, too, with one particular week seeing as many 9,000 fresh applications added.

Amazon has since said that it will inform the company of the situation, but added that it can’t take direct action to resolve the issue.

Responding to a slew of cases where companies have failed to properly configure their AWS settings to password protect their storage buckets, Amazon just a few days ago launched a new tool enabling its business customers to more easily review their bucket access policies and also provide alerts if a bucket is open to the public.

In a similar case that occurred just last month, around 450,000 MTG Arena and Magic Online players had their personal data exposed after a database backup file was left in a public AWS storage bucket without any password protection. Wizards of the Coast, the company behind the games, described the error as “an isolated incident related to a legacy database” and said it was unrelated to its current systems.

The company fixed the situation soon after learning about it. We’re now waiting for the company at the center of the birth certificate application blunder to do the same.

Editors' Recommendations

Topics
Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Your Google Photos app may soon get a big overhaul. Here’s what it looks like
The Google Photos app running on a Google Pixel 8 Pro.

Google Photos is set to get a long-overdue overhaul that will bring new and improved sharing and notification features to the app. With its automatic backups, easy sorting and search, and album sharing, Google Photos has always been one of the better photo apps, and now it's set to get a whole slew of AI features.

According to an APK teardown done by Android Authority and the leaker AssembleDebug, Google is now set to double down on improving sharing features. Google Photos will get a new social-focused sharing page in version 6.85.0.637477501 for Android devices.

Read more
The numbers are in. Is AMD abandoning gamers for AI?
AMD's RX 7700 XT in a test bench.

The data for the first quarter of 2024 is in, and it's bad news for the giants behind some of the best graphics cards. GPU shipments have decreased, and while every GPU vendor experienced this, AMD saw the biggest drop in shipments. Combined with the fact that AMD's gaming revenue is down significantly, it's hard not to wonder about the company's future in the gaming segment.

The report comes from the analyst firm Jon Peddie Research, and the news is not all bad. The PC-based GPU market hit 70 million units in the first quarter of 2024, and from year to year, total GPU shipments (which includes all types of graphics cards) increased by 28% (desktop GPU shipments dropped by -7%, and CPU shipments grew by 33.3%). Comparing the final quarter of 2023 to the beginning of this year looks much less optimistic, though.

Read more
Hackers claim they’re selling the user data of 560 million Ticketmaster customers
A crowd enjoying a music show that you are at because of Ticketmaster.

Ticketmaster is giving people a lot to talk about. If the Justice Department is not suing it, it's reportedly suffering a data breach affecting the vital information of hundreds of millions of users. Hackread reports that a hacker group is claiming it breached Ticketmaster, putting the personal data of 560 million users at risk of suffering all types of attacks.

According to Hackread, the total amount of stolen data reaches 1.3TB and includes personal information such as names, emails, phone numbers, addresses, event details, ticket sales, order information, and partial payment card data. The list doesn't end there, though, as the compromised data also includes customer fraud details, expiration dates, and the last four digits of card numbers.

Read more