Post
For my blog and newsletter, I wrote about why there have been so many data breaches and security lapses this year *alone* involving the mass-exposure of people's driver's licenses and passports — including new details about an exposure of 223,000 government-issued IDs as recently as this week.
Sign up/RSS/subscribe: https://this.weekinsecurity.com
@zackwhittaker This is really interesting, but to be pedantic you did not have people's passports and driver's licenses, you have images of them. If passports and driver's licenses were only used for what they were designed for, a physical item that is shown to a representative of the state to demonstrate you are allowed to cross a border or drive it would matter no more than the information contained being leaked in any other situation, and this information is not supposed to be secret.
The problem is that some entities treat being able to produce such an image as proof of identity. The existence of these leaks would appear to make such an assumption obviously flawed, and what gen AI has done to such an assumption I do not know. The simple solution seems to be to just stop doing that.
Thankful as ever to Anurag Sen for flagging this huge data breach of 223,000 passports and driver's licenses. We couldn't figure out who the data belongs to, but got the data secured in the end.
Sign up/RSS for my weekly newsletter: https://this.weekinsecurity.com/
Read more on this story: https://this.weekinsecurity.com/it-is-far-too-easy-to-find-leaked-passports-and-drivers-licenses-online/
@zackwhittaker This is absurd. There are more strict rules around storage and handling of credit cards data than of passports.
Governments should step in and make storing this stuff illegal.
Even if companies have a legitimate need to gather this information, I can't see how they need to store it. They've verified the identity...
A space for Bonfire maintainers and contributors to communicate
