TikTok, Uber, and X Users’ Personal Data at Risk

In a significant security risk, AU10TIX, a company that provides user identity verification to major tech firms like TikTok, Uber, and X, inadvertently left its administrative credentials online for over a year. The exposure probably allowed malevolent actors to access sensitive user data as they pleased. This has ignited concerns regarding data security in the digital age.

AU10TIX works with big brands: TikTok, Bumble, Uber, Coinbase, X (formerly Twitter), and many more. For the company, the service often amounts to a selfie and a government-issued ID submitted for account verification. Verification is established on image capture and storage, which continues for up to 30 days to guarantee authenticity and prevent fraudulent activities. But now, it’s become more questionable with the recent revelation of administrative credentials.

The breach goes back to September 2022, in which AU10TIX said the malware was able to compromise the credentials of one employee. These credentials would later be leaked on a Telegram channel in March 2023, leaving a window of vulnerability that ill-intent hackers could have taken advantage of. Data from the logging platform included the user’s name, date of birth, nationality, ID number, and document type. There were also links to images of the uploaded documents, opening up thousands of driver’s licenses and other IDs to the attackers.

AU10TIX said in response to the breach that the leaked credentials are no longer valid for entering user data. The company has agreed to decommission its affected operational system, replace it with new, more secure infrastructure, and ensure better security measures.