An online company in the US that is known to help provide a copy of the birth certificate to the concerned individual has fallen prey to data breach. Around more than 752,000 applications have been found to have fallen prey to data breach. Fidus Information Security, a well-known online penetration testing company, has found the company irresponsible in terms of data security. The online penetration testing company found the other firm to be storing the applications on an Amazon Web Services (AWS) cache that too without any password. Thus, hackers could easily enter an easy-to-guess address to gain access to the documents. The name of the company responsible has not yet been disclosed keeping the privacy of the users using the service in mind.
The documents included birth date, email id, phone number, names, home address, and more. The entire history of the applicant such as the previous address, family members, and the reason behind the need for a copy were all clearly mentioned. Thus, the applicants whose data have been breached are at great risk as all their personal details are out in the public, especially the wrong hands. The cache included applications dating back to 2017. Around 9,000 applications were found to be added each day into the database since then. There were death certificate applications of almost 90,400 people as well. The data hacked were no longer accessible or downloadable. The company has not yet commented on anything and thus, Amazon has taken up the responsibility to inform the concerned company. The companies are being questioned over the handling of sensitive documents online. In another instance, 5 Million Americans had their medical data exposed online.
Parallelly, a UK-based company Mixcloud had more than 20 Million user accounts exposed online after their data were found to be put up for sale on the dark web. One of the suppliers mentioned that the event seems to have taken place sometime in November. The data was found to be scrambled with the SHA-2 algorithm such that its unscrambling was even more difficult. The data had usernames, email addresses, IP address, links to profile picture, sign-ins, and passwords of the user. Almost 22 Million records seem to have been breached.