Researchers determine AU10TIX disclosure could have been harvested by infostealing malware.
A company that verifies the identities of TikTok, Uber, and X users, sometimes by processing photographs of their faces and pictures of their drivers’ licenses, exposed a set of administrative credentials online for more than a year.
According to a report by 404 Media, the accidental disclosure by AU10TIX would potentially allow attackers to access sensitive data, and highlights a growing concern as more social networks move towards identity or age verification models, requiring users to upload real identity documents.
The credentials that enabled the breach appear to have been harvested by an Infostealing malware in December 2022 and were first posted to a Telegram channel in March 2023. 404 Media downloaded these credentials and found the name matched that of someone listed on LinkedIn as a Network Operations Center Manager at AU10TIX.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
