It was discovered that 'Au10tix,' an ID authentication service that uses face photos and driver's licenses and is used by X, TikTok, Uber, etc., had been exposing administrator credentials online for over a year



Companies such as X (formerly Twitter), TikTok, and Uber have introduced a user verification system provided by Au10tix that uses ID images and selfies. However, it has been pointed out that Au10tix has been exposing administrator credentials for more than a year since December 2022, allowing anyone to access information such as users' names, dates of birth, and nationalities.

ID Verification Service for TikTok, Uber, X Exposed Driver Licenses
https://www.404media.co/id-verification-service-for-tiktok-uber-x-exposed-driver-licenses-au10tix/



An ID verification service that works with TikTok and X left its credentials wide open for a year

https://www.engadget.com/an-id-verification-service-that-works-with-tiktok-and-x-left-its-credentials-wide-open-for-a-year-171258438.html

ID Verification Company Partnered With X Suffered Data Leak, Report Claims
https://reclaimthenet.org/id-verification-company-partnered-with-x-suffered-data-leak-report-claims

Israel-based Au10tix is an identity verification service company that boasts 'verification in just 8 seconds without human intervention' and 'world's first technology to detect synthetic fraud patterns.' It has previously collaborated with companies such as Google, PayPal, and Uber, and X has adopted Au10tix's user verification system as a measure against user impersonation on its paid subscription service Blue since September 2023.




However, in December 2022, Au10tix's system was infected with malware, resulting in the leak of administrator credentials. Furthermore, in March 2023, the credentials were also made public on Telegram, and the foreign media outlet 404 Media reported that 'numerous passwords and authentication tokens related to Au10tix employees were identified. The employee is listed on LinkedIn as a network operations center manager.'

If hackers get their hands on these credentials, they could leak all customer data, including users' names, dates of birth, nationalities, and images of uploaded documents such as IDs and licenses.



'While data, including credentials, was potentially accessible, we have not observed any misuse of such data to date,' Au10tix said in a statement, adding that 'we have notified our customers that we are retiring the current operating system in favor of a new one with a focus on security.'

In response to the uproar, some partners have switched verification companies, and a spokesperson for Upwork, which uses Au10tix's identity verification system, said that 'we are already working with another service provider.' X, Fiverr, Coinbase, and others continue to use the Au10tix system.



Meanwhile, Mosab Hussein, chief security officer at cybersecurity company spiderSilk, criticized Au10tix, saying, 'As an identity verification service provider entrusted with sensitive identities, Au10tix failed to implement simple measures to protect users' identities.'

in Web Service, Security, Posted by log1r_ut