All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Third-party UK Visa Portal exposed 100,000+ applicants' passports and selfies online

By

Zack Whittaker

4d ago· 3 min readenNews
Bagel score 85 of 100
85/100
Golden Brown
Bagelometer

Pure flour-power. Hearty enough to carry you through lunch.

Score85TypenewsSentimentvery negative

Summary

A third-party website called UK Visa Portal, which is not affiliated with the U.K. government, has been publicly exposing the passports and selfie photos of at least 100,000 visa applicants. TechCrunch was notified by an anonymous source about the security lapse. Instead of fixing the vulnerability, the company reportedly responded by sending attorneys to address the issue.

Key quotes

· 3 pulled
A website called UK Visa Portal is publicly exposing the passports and selfie photos of applicants who signed up and paid the site to obtain a U.K immigration visa, TechCrunch has learned.
An anonymous person notified TechCrunch about the security lapse, saying that the website is exposing at least 100,000 documents from people who uploaded their passports and selfies to the website as part of the application process.
The website is not affiliated with the U.K. government, and some have complained that they mistakenly paid a fee to this site.
Snippet from the RSS feed
The third-party website exposed applicants' sensitive documents as part of the U.K. visa application process. Instead of fixing the issue, the company sent attorneys.

You might also wanna read

Lapsus$ leaks 4TB of voice biometrics and ID documents from 40,000 AI contractors on Mercor platform

The extortion group Lapsus$ leaked approximately 4TB of data from Mercor, an AI contractor platform, containing voice biometric samples pair

app.oravys.com·1mo ago

Pentagon Confirms Adversaries Using Commercial Phone Location Data to Target US Troops

The Pentagon was warned for nearly a decade that commercial location data from mobile phones could be exploited by adversaries to track US m

wired.com·1d ago

New browser-based side-channel attack uses SSD activity analysis to spy on users

Researchers have discovered a new browser-based side-channel attack that can spy on users by analyzing SSD (Solid State Drive) activity thro

arstechnica.com·1d ago

New FROST technique lets websites track visitors by analyzing SSD activity

A new tracking technique called FROST (fingerprinting remotely using OPFS-based SSD timing) allows websites to spy on visitors by analyzing

23.social·3d ago

Trump Mobile investigates data leak exposing customer names and contact details

A potential security flaw on Trump Mobile's website may have exposed personal information (names, emails, addresses, phone numbers) of thous

independent.co.uk·4d ago

Researchers Demonstrate How Inaudible Audio Commands in Podcasts and Videos Can Hijack AI Voice Assistants

Researchers have demonstrated a new cybersecurity threat where hackers can embed inaudible sounds into podcasts, YouTube videos, or other au

futurism.com·5d ago