A UK visa service website publicly exposed passports and selfie photos of applicants who uploaded documents after paying for visa-related services. At least 100,000 documents were reported as accessible due to a security lapse. The site is not affiliated with the U.K. government, and some users said they paid the company instead of using the official GOV.UK website. Verification was performed by contacting affected individuals to confirm the exposed information. The site lacked a security reporting method and did not provide management names or contact details. After notification, responses came from purported attorneys and a public relations firm, but management did not follow up. The exposed data issue remained unresolved.
"A website called UK Visa Portal is publicly exposing the passports and selfie photos of applicants who signed up and paid the site to obtain a U.K immigration visa, TechCrunch has learned."
"An anonymous person notified TechCrunch about the security lapse, saying that the website is exposing at least 100,000 documents from people who uploaded their passports and selfies to the website as part of the application process."
"TechCrunch confirmed that UK Visa Portal is the source of the data leak and verified the authenticity of the exposed data by contacting affected individuals to ask if their information was accurate."
"UK Visa Portal does not have a way to report security issues through its website, nor does its website provide names or contact information for the company's management. TechCrunch sent an email to the address listed on UK Visa Portal's website to alert the company that it has an ongoing security lapse and to ask who in management can accept specific details to resolve the issue."
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]