Skip to main content

More than 750,000 U.S. birth certificate applications exposed online

Here’s another story of apparently sloppy practices by a company charged with looking after our personal data online.

According to TechCrunch, more than 750,000 U.S. birth certificate applications have been found exposed online in an Amazon Web Services (AWS) storage bucket, which is essentially a cloud-based storage solution.

Recommended Videos

The exposed data — held by a company that helps people obtain a copy of their birth certificates — reportedly has no password protection, and the web address where the applications are held is “easy to guess.”

Please enable Javascript to view this content

The company is yet to respond to inquiries about the security blunder, and with the data apparently still exposed, TechCrunch has opted not to name the company in order to protect affected customers.

The cache was discovered by U.K.-based cybersecurity firm Fidus. The exposed forms show a range of information that includes the applicant’s name, date of birth, home address, email address, and phone number.

They also show historical information linked to applicants such as past addresses, names of family members, and the reason for the application, which could include anything from applying for a passport to researching family history.

It doesn’t appear that any payment or financial data is involved.

In its report, TechCrunch said the exposed applications date back to 2017. The cache is being updated on a daily basis, too, with one particular week seeing as many 9,000 fresh applications added.

Amazon has since said that it will inform the company of the situation, but added that it can’t take direct action to resolve the issue.

Responding to a slew of cases where companies have failed to properly configure their AWS settings to password protect their storage buckets, Amazon just a few days ago launched a new tool enabling its business customers to more easily review their bucket access policies and also provide alerts if a bucket is open to the public.

In a similar case that occurred just last month, around 450,000 MTG Arena and Magic Online players had their personal data exposed after a database backup file was left in a public AWS storage bucket without any password protection. Wizards of the Coast, the company behind the games, described the error as “an isolated incident related to a legacy database” and said it was unrelated to its current systems.

The company fixed the situation soon after learning about it. We’re now waiting for the company at the center of the birth certificate application blunder to do the same.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Upcoming OnePlus Watch 3 might have a rotating crown
Third part watch face on OnePlus Watch 2r.

After a less-than-exciting launch with the OnePlus Watch 2, it's time for a change — and hopefully, a wearable that more closely matches modern devices. We expect the OnePlus Watch 3 to release on January 7, but now new details suggest it might come with a rotating crown.

This update is a big win for OnePlus Watch fans. The crown has been a long-requested feature that will make it easier to navigate through the interface, and improved sensors give access to ECGs and other features that were missing in the previous generation, according to Yogesh Brar.

Read more
Sega could release its own game subscription service
Old Sonic runs away from Metal Sonic in Sonic Generations X Shadow.

Between Xbox Game Pass, PlayStation Plus, and even Nintendo Switch Online, it feels like every company has its own subscription. Throw in Ubisoft+, EA Play, and multiple other companies and you have a veritable free-for-all. Now, Sega's new president, Shuji Utsumi, says the beloved company is considering a similar offer, although he remained tight-lipped on details.

In an interview with the BBC, Utsumi said, "We're thinking something — and discussing something — we cannot disclose right now," he said. The statement followed Utsumi saying the subscription services were "very interesting."

Read more
Google proposes big changes for the future of Search and Android apps
Google Chrome on an Android phone.

Google’s ongoing antitrust tussle spawned a list of sweeping policy suggestions — including a proposed sale of the Chrome business — by the Department of Justice. The focus of the lawsuit centers on the Search monopoly, but it has serious ramifications for Android and the overall browser situation.

Now, Google has shared its own “remedies proposal” to the DOJ’s recommendations, which it claims are going “far beyond what the Court’s decision is actually about.”

Read more