As social networks and porn sites move towards a verified identity model, the actions of one cybersecurity researcher show that ID verification services themselves could get hacked too. A company that verifies the identities of TikTok, Uber, and X users, sometimes by processing photographs of their faces and pictures of their drivers’ licenses, exposed a set of administrative credentials online for more than a year potentially allowing hackers to access that sensitive data, according to screenshots and data obtained by 404 Media.
The Israel-based company, called AU10TIX, offers what it describes
on its website as “full-service identity verification solutions.” This includes verifying peoples’ identity documents, conducting “liveness detection” in a real-time video stream with the user, and performing age verification, where a service will predict how old someone is based on their uploaded photo. AU10TIX also includes the logos of other companies on its site, such as Fiverr, PayPal, Coinbase, LinkedIn, and Upwork, some of which confirmed to 404 Media they are active or former AU10TIX clients.
www.404media.co
