AU10TIX, the company tasked with making sure you’re really you on apps like TikTok, X, and Uber, just had a major security hiccup. For over a year, a set of admin credentials was out in the wild, potentially giving bad actors a VIP pass to a treasure trove of sensitive user data.
This isn’t just about passwords being leaked. We’re talking selfies, driver’s license scans, and all the juicy details that prove you’re not a bot or a fraudster when you’re trying to get a ride or post a viral dance.
SpiderSilk, a cybersecurity firm with a knack for finding these digital oopsies, stumbled upon the exposed credentials. They paint a pretty grim picture: anyone with these login details could access a logging platform chock-full of identity documents.
But here’s the kicker – the good guys might have been late to the party. There’s evidence suggesting malware snagged these credentials back in December 2022, with the info making rounds on Telegram by March 2023.
If someone did sneak into this data goldmine (which AU10TIX swears hasn’t happened), they’d have hit the identity theft jackpot. Names, birthdates, nationalities, ID numbers, and facial images – it’s a scammer’s dream and a user’s nightmare.
AU10TIX is now in damage control mode, notifying affected customers and promising a more secure system overhaul. But this incident raises serious questions about the company’s security chops, especially considering they signed X as a client just last September with a seemingly spotless record.
