ava on Nostr: **Hack of Age Verification Company Shows Privacy Danger of Social Media Laws** ...
**Hack of Age Verification Company Shows Privacy Danger of Social Media Laws**
https://www.eff.org/deeplinks/2024/06/hack-age-verification-company-shows-privacy-danger-social-media-laws"We’ve said it before: online age verification is incompatible with privacy. Companies responsible for storing or processing sensitive documents like drivers’ licenses are likely to encounter data breaches, potentially exposing not only personal data like users’ government-issued ID, but also information about the sites that they visit.
This threat is not hypothetical. This morning, 404 Media reported that a major identity verification company, AU10TIX, left login credentials exposed online for more than a year, allowing access to this very sensitive user data.
A researcher gained access to the company’s logging platform, “which in turn contained links to data related to specific people who had uploaded their identity documents,” including “the person’s name, date of birth, nationality, identification number, and the type of document uploaded such as a drivers’ license,” as well as images of those identity documents. Platforms reportedly using AU10TIX for identity verification include TikTok and X, formerly Twitter."
#cybersecgirl #eff
Published at
2024-06-30 07:42:00Event JSON
{
"id": "50f9cf7db568975d24d09f830059a96d3a43bd60f756399b2c227d1e736ee766",
"pubkey": "4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d",
"created_at": 1719726120,
"kind": 1,
"tags": [
[
"t",
"cybersecgirl"
],
[
"t",
"eff"
],
[
"r",
"https://www.eff.org/deeplinks/2024/06/hack-age-verification-company-shows-privacy-danger-social-media-laws"
]
],
"content": "**Hack of Age Verification Company Shows Privacy Danger of Social Media Laws**\n\nhttps://www.eff.org/deeplinks/2024/06/hack-age-verification-company-shows-privacy-danger-social-media-laws\n\n\"We’ve said it before: online age verification is incompatible with privacy. Companies responsible for storing or processing sensitive documents like drivers’ licenses are likely to encounter data breaches, potentially exposing not only personal data like users’ government-issued ID, but also information about the sites that they visit. \n\nThis threat is not hypothetical. This morning, 404 Media reported that a major identity verification company, AU10TIX, left login credentials exposed online for more than a year, allowing access to this very sensitive user data. \n\nA researcher gained access to the company’s logging platform, “which in turn contained links to data related to specific people who had uploaded their identity documents,” including “the person’s name, date of birth, nationality, identification number, and the type of document uploaded such as a drivers’ license,” as well as images of those identity documents. Platforms reportedly using AU10TIX for identity verification include TikTok and X, formerly Twitter.\"\n\n#cybersecgirl #eff\n",
"sig": "2474a98d483941304f00135daf5831f0562e9cd7d4f1d775dc6228a5f6a158c8c4e59edf5268f3a2a7105e9fc3d0c5e26206ccedf247cdeb68ff1c94aa492bb5"
}