Researchers determine AU10TIX disclosure could have been harvested by infostealing malware.
A company that verifies the identities of TikTok, Uber, and X users, sometimes by processing photographs of their faces and pictures of their drivers’ licenses, exposed a set of administrative credentials online for more than a year.
According to a report by 404 Media, the accidental disclosure by AU10TIX would potentially allow attackers to access sensitive data, and highlights a growing concern as more social networks move towards identity or age verification models, requiring users to upload real identity documents.
The credentials that enabled the breach appear to have been harvested by an Infostealing malware in December 2022 and were first posted to a Telegram channel in March 2023. 404 Media downloaded these credentials and found the name matched that of someone listed on LinkedIn as a Network Operations Center Manager at AU10TIX.
Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
An error occurred trying to play the stream. Please reload the page and try again.
CloseRegistering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
