Skip to main content

More than 750,000 U.S. birth certificate applications exposed online

Here’s another story of apparently sloppy practices by a company charged with looking after our personal data online.

According to TechCrunch, more than 750,000 U.S. birth certificate applications have been found exposed online in an Amazon Web Services (AWS) storage bucket, which is essentially a cloud-based storage solution.

Recommended Videos

The exposed data — held by a company that helps people obtain a copy of their birth certificates — reportedly has no password protection, and the web address where the applications are held is “easy to guess.”

The company is yet to respond to inquiries about the security blunder, and with the data apparently still exposed, TechCrunch has opted not to name the company in order to protect affected customers.

The cache was discovered by U.K.-based cybersecurity firm Fidus. The exposed forms show a range of information that includes the applicant’s name, date of birth, home address, email address, and phone number.

They also show historical information linked to applicants such as past addresses, names of family members, and the reason for the application, which could include anything from applying for a passport to researching family history.

It doesn’t appear that any payment or financial data is involved.

In its report, TechCrunch said the exposed applications date back to 2017. The cache is being updated on a daily basis, too, with one particular week seeing as many 9,000 fresh applications added.

Amazon has since said that it will inform the company of the situation, but added that it can’t take direct action to resolve the issue.

Responding to a slew of cases where companies have failed to properly configure their AWS settings to password protect their storage buckets, Amazon just a few days ago launched a new tool enabling its business customers to more easily review their bucket access policies and also provide alerts if a bucket is open to the public.

In a similar case that occurred just last month, around 450,000 MTG Arena and Magic Online players had their personal data exposed after a database backup file was left in a public AWS storage bucket without any password protection. Wizards of the Coast, the company behind the games, described the error as “an isolated incident related to a legacy database” and said it was unrelated to its current systems.

The company fixed the situation soon after learning about it. We’re now waiting for the company at the center of the birth certificate application blunder to do the same.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Apple Intelligence is right around the corner, with a few absent perks
Apple Intelligence update on iPhone 15 Pro Max.

Back in September. Apple announced that its suite of next-gen AI features would make their way to supported hardware in October. Today, Bloomberg reports that rollout of those AI features – clubbed under the Apple Intelligence banner – will begin on October 28.

The AI toolkit will arrive with the iOS 18.1 update for the iPhone 15 Pro pair, the entire iPhone 16 series, and iPads with M1 (or newer) silicon in the series. Unfortunately, this is not the full Apple Intelligence package that the company announced a while ago.

Read more
Zendaya says the time jump for season 3 of Euphoria will be fascinating
Zendaya in Euphoria on HBO

Few shows have had the kind of impact that Euphoria has had. The show became a phenomenon through its first two seasons and also launched a generation of young talent, including several performers who seem destined to be major movie stars.

As any fan of the show knows, though, it's also been off the air for several years now (season 2 aired in 2022). While the show is returning for a third season, it's been reported that there will be a time jump to account for the aging of the actors. Zendaya, the show's star, thinks that time jump is actually going to be a good thing.

Read more
Can’t get into Throne and Liberty? New server cap limits may help
A group of fantasy warriors fighting a golem in Throne and Liberty.

Amazon's latest MMO Throne and Liberty released at the start of this month, but players have had a harder time getting in and playing than they did clearing old-school Naxxramas. The game has reached player counts of 300,000 at peak since its first day, but the servers have been overwhelmed by the load.

Many players report that they're unable to create a character or transfer servers. Considering that everyone has access to free server transfers twice a day during this launch window, not being able to take advantage of this perk kind of puts a damper on things. According to PCGamesN, Amazon Games has raised the character creation limits on select servers to make it easier for new players to join and existing players to transfer.

Read more