Latest in Gear

Image credit: LPETTET via Getty Images

752,000 US birth certificate applications were exposed online

TechCrunch discovered a data cache that isn’t protected by a password.
220 Shares
Share
Tweet
Share

Sponsored Links

LPETTET via Getty Images

According to a report from TechCrunch, an online company that allows people in the US to obtain a copy of their birth certificate has exposed more than 752,000 applications. The case of negligence was discovered by Fidus Information Security, a company that conducts online penetration testing, and verified by TechCrunch. The two found that the company is storing the applications on an Amazon Web Services (AWS) cache that's not protected by a password. By simply entering the "easy-to-guess" address of the cache in a browser, a malicious visitor could access the documents held within. TechCrunch didn't disclose the name of the company to protect the privacy of those who used its service.

The applications include information like the applicant's name, their date of birth, current home address, email and phone number. Additionally, they included other details about people's lives, such as their previous address, the names of their family members and the reason they applied to get the documents in the first place.

The cache includes applications dating back to 2017. The company that maintains the database has added about 9,000 applications each day since TechCrunch started looking into it. The data cache also includes some 90,400 death certificate applications, but TechCrunch says it wasn't able to access or download those.

To make matters worse, beyond automated emails, the company hasn't responded to messages. Amazon, meanwhile, said it would notify the company of the exposure.

While the scale of this exposure isn't as big as we've seen in some past instances, it once again underscores the need for updated legislation related to how companies handle sensitive documents online. Earlier this year, a ProPublica investigation found that the medical data of some 5 million Americans was easy to obtain online. While the types of documents were different, in both cases ProPublica and TechCrunch found servers that weren't even password protected.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
220 Shares
Share
Tweet
Share

Popular on Engadget

Nintendo wins legal battle against one of Tokyo's real-life 'Mario Kart' tours

Nintendo wins legal battle against one of Tokyo's real-life 'Mario Kart' tours

View
Scientists tried to recreate a mummy's voice with an electronic larynx

Scientists tried to recreate a mummy's voice with an electronic larynx

View
Lab-grown heart muscles transplanted into a human for the first time

Lab-grown heart muscles transplanted into a human for the first time

View
Roku's speakers can finally turn into a surround sound system

Roku's speakers can finally turn into a surround sound system

View
Benjamin Moore's ColorReader can match your paint with your shirt

Benjamin Moore's ColorReader can match your paint with your shirt

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr