Skip to main content
  1. Home
  2. News

More than 750,000 U.S. birth certificate applications exposed online

By

Here’s another story of apparently sloppy practices by a company charged with looking after our personal data online.

According to TechCrunch, more than 750,000 U.S. birth certificate applications have been found exposed online in an Amazon Web Services (AWS) storage bucket, which is essentially a cloud-based storage solution.

Recommended Videos

The exposed data — held by a company that helps people obtain a copy of their birth certificates — reportedly has no password protection, and the web address where the applications are held is “easy to guess.”

Please enable Javascript to view this content

The company is yet to respond to inquiries about the security blunder, and with the data apparently still exposed, TechCrunch has opted not to name the company in order to protect affected customers.

The cache was discovered by U.K.-based cybersecurity firm Fidus. The exposed forms show a range of information that includes the applicant’s name, date of birth, home address, email address, and phone number.

They also show historical information linked to applicants such as past addresses, names of family members, and the reason for the application, which could include anything from applying for a passport to researching family history.

It doesn’t appear that any payment or financial data is involved.

In its report, TechCrunch said the exposed applications date back to 2017. The cache is being updated on a daily basis, too, with one particular week seeing as many 9,000 fresh applications added.

Amazon has since said that it will inform the company of the situation, but added that it can’t take direct action to resolve the issue.

Responding to a slew of cases where companies have failed to properly configure their AWS settings to password protect their storage buckets, Amazon just a few days ago launched a new tool enabling its business customers to more easily review their bucket access policies and also provide alerts if a bucket is open to the public.

In a similar case that occurred just last month, around 450,000 MTG Arena and Magic Online players had their personal data exposed after a database backup file was left in a public AWS storage bucket without any password protection. Wizards of the Coast, the company behind the games, described the error as “an isolated incident related to a legacy database” and said it was unrelated to its current systems.

The company fixed the situation soon after learning about it. We’re now waiting for the company at the center of the birth certificate application blunder to do the same.

Editors’ Recommendations

Topics
Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Google’s new policy tracks all your devices with no opt-out
View of synced tab groups appearing on an iPad.

Google has begun enforcing new tracking rules across connected devices, such as smartphones, consoles, and smart TVs, as BBC reports. The tech giant once called the fingerprint tracking technique "wrong" in 2019, but has since reintroduced it.

Google has commented that other companies broadly use the data, and it started using it on February 16, 2024. However, that may not sound any better since fingerprinting gathers user data about devices' hardware and software, which can then uniquely identify a specific device or user.

Read more
I’ve been waiting for this possible Windows 11 transfer tool
Windows 11 on several devices.

A new transfer app for Windows 11 may be in the works, as Dongle and Microsoft watcher Phantomofearth discovered it in a preview build, as Windows Latest reports. If released, the transfer app could offer options like "Back up to this PC" and "Transfer files to a new PC," streaming the migration process without needing an external storage device or cloud services.

Once you've made your selection, the process continues. The app could ask you to connect your old PC to the same Wi-Fi network, highlighting that it'll use wireless transfer mode. If you've used Nearby Sharing, the transfer app's process will feel familiar since it might be used to make the transfer process possible. The app could ask you to pair the two PCs to begin the transfer. The app should start the transfer session on the new PC and recommend connecting to a power source since the process could take a while. However, the app could not show the available controls or the set of files it'll copy.

Read more
Microsoft shocks users by backtracking on sign-in changes
microsoft headquarters

No, you're not imagining it—Microsoft did announce sign-in changes for February. But now, the company is backtracking, claiming the reports relied on "incomplete information," The Verge reports. The now erased information stated that you would stay signed in automatically unless private browsing was used or you signed out.

“There will be no changes to Microsoft users’ commercial (Microsoft Entra) or consumer (Microsoft account) sign in experiences in February,” said Microsoft corporate vice president of identity & network access program management Alex Simons to The Verge. “Media reports were based on incomplete information mistakenly published by a Microsoft product team. The incorrect notifications have been removed.”

Read more