science

More than 750,000 applications for US birth certificates is found exposed online


More than 750,000 applications for US birth certificates dating back to 2017 were found in an unsecure storage bucket online.

The records contain applicant’s name, date-of-birth, current home address, email address, phone number and historical personal information, including past addresses, names of family members and the reason for the application.

The storage bucket was found on an Amazon Web Serivce (AWS), which also held over 90,000 death certificate copies, but none of which were able to be accessed without a password.

However, the data trove was online without a password, allowing anyone to download the documents, as reported on by TechCrunch.

The firm that discovered the bucket has contacted the local data protection authority to warn them of the exposed data, but has yet to receive a response – the bucket is still online at this time.

More than 750,000 applications for US birth certificates dating back to 2017 were found in an unsecure storage bucket

More than 750,000 applications for US birth certificates dating back to 2017 were found in an unsecure storage bucket

The applications were to provide US citizen’s with copies of their birth certificate, which contain a range of personal information.

This includes their name, date-of-birth, current home address, email address, phone number and historical personal information, including past addresses, names of family members and the reason for the application — such as applying for a passport or researching family history.

The bucket was discovered by Fidus Information Security, a UK-based penetration testing firm, and TechCrunch confirmed the data by matching information in the documents with public records.

Fidus Information Security found another breach online last week that exposed people’s cell phone bills.r.

The records contain applicant’s name, date-of-birth, current home address, email address, phone number and historical personal information, including past addresses, names of family members and the reason for the application

The records contain applicant’s name, date-of-birth, current home address, email address, phone number and historical personal information, including past addresses, names of family members and the reason for the application

The bucket was discovered by Fidus Information Security, a UK-based penetration testing firm, and TechCrunch confirmed the data by matching information in the documents with public records

The bucket was discovered by Fidus Information Security, a UK-based penetration testing firm, and TechCrunch confirmed the data by matching information in the documents with public records

More than 261,300 documents belonged to AT&T, Verizon and T-Mobile subscribers that show names, addresses, phone numbers and call histories.

Bank statements were also found in the bucket, in addition to usernames, passwords and PINS – allowing anyone to access these accounts.

The leak has been tracked back to a Sprint contractor and the marketing agency and although an accident, it is being blamed on a lack of security surrounding the storage of the data.

The server held more than 261,300 documents with a majority being phone bills that go back as far as 2015, as reported by TechCrunch.

More than 261,300 documents belonged to AT&T, Verizon and T-Mobile subscribers that show names, addresses, phone numbers and call histories

More than 261,300 documents belonged to AT&T, Verizon and T-Mobile subscribers that show names, addresses, phone numbers and call histories

The data was being held on Amazon Web Services (AWS) and was found to be without a password, allowing anyone to access the server’s contents

The data was being held on Amazon Web Services (AWS) and was found to be without a password, allowing anyone to access the server’s contents

A Sprint spokesperson told DailyMail.com in an email: ‘As soon as we became aware of the situation, we contacted the vendor and have been assured that a security vulnerability has been corrected.’ 

‘We take the security of customers’ information very seriously and are monitoring this situation closely to ensure that the vendor takes all appropriate steps to strengthen security measures.’

‘Impacted customers will be notified directly with details on how to contact us for additional information.’

The data was being held on Amazon Web Services (AWS) and was found to be without a password, allowing anyone to access the server’s contents.

TechCrunch noted that it is not clear how long the data was exposed before being spotted.

The cell phone bills showed names addresses and phone numbers, and many included call histories of subscriber from AT&T, Verizon and T-Mobile.

The documents were part of the Sprint’s sales tactic, which offers to pay the termination fee if customers leave their current carrier to join theirs

The documents were part of the Sprint’s sales tactic, which offers to pay the termination fee if customers leave their current carrier to join theirs

The documents were part of the Sprint’s sales tactic, which offers to pay the termination fee if customers leave their current carrier to join theirs.

TechCrunch also discovered bank statements and a screenshot of a web page that had subscribers’ online usernames, passwords and account PINs — which in combination could allow access to a customer’s account.

U.K.-based penetration testing company Fidus Information Security found the exposed data, but it wasn’t immediately clear who owned the bucket, TechCrunch reported.

And the server has since been shutdown.

Jeff Deardorff, president of Deardorff Communications, confirmed his company owned the server and told TechCrunch in an email: ‘I have launched an internal investigation to determine the root cause of this issue, and we are also reviewing our policies and procedures to make sure something like this doesn’t happen again.’ 



READ SOURCE

Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.