Skip to main content
  1. Home
  2. News

More than 750,000 U.S. birth certificate applications exposed online

By

Here’s another story of apparently sloppy practices by a company charged with looking after our personal data online.

According to TechCrunch, more than 750,000 U.S. birth certificate applications have been found exposed online in an Amazon Web Services (AWS) storage bucket, which is essentially a cloud-based storage solution.

Recommended Videos

The exposed data — held by a company that helps people obtain a copy of their birth certificates — reportedly has no password protection, and the web address where the applications are held is “easy to guess.”

Related

The company is yet to respond to inquiries about the security blunder, and with the data apparently still exposed, TechCrunch has opted not to name the company in order to protect affected customers.

The cache was discovered by U.K.-based cybersecurity firm Fidus. The exposed forms show a range of information that includes the applicant’s name, date of birth, home address, email address, and phone number.

They also show historical information linked to applicants such as past addresses, names of family members, and the reason for the application, which could include anything from applying for a passport to researching family history.

It doesn’t appear that any payment or financial data is involved.

In its report, TechCrunch said the exposed applications date back to 2017. The cache is being updated on a daily basis, too, with one particular week seeing as many 9,000 fresh applications added.

Amazon has since said that it will inform the company of the situation, but added that it can’t take direct action to resolve the issue.

Responding to a slew of cases where companies have failed to properly configure their AWS settings to password protect their storage buckets, Amazon just a few days ago launched a new tool enabling its business customers to more easily review their bucket access policies and also provide alerts if a bucket is open to the public.

In a similar case that occurred just last month, around 450,000 MTG Arena and Magic Online players had their personal data exposed after a database backup file was left in a public AWS storage bucket without any password protection. Wizards of the Coast, the company behind the games, described the error as “an isolated incident related to a legacy database” and said it was unrelated to its current systems.

The company fixed the situation soon after learning about it. We’re now waiting for the company at the center of the birth certificate application blunder to do the same.

Editors’ Recommendations

Topics
Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Apple might once again be considering a TV of its own
The Apple TV Siri Remote in hand.

Toward the end of the first decade of the 2000s, rumors swirled that Apple had its sights set on making a TV — a proper set, not a streaming device like what the Apple TV has become. Steve Jobs even claimed to have figured out exactly how to add the product to the company's portfolio, but the idea never came to fruition before his untimely passing. In today's Power On newsletter, Mark Gurman said that Apple "may even revisit the idea of making an Apple-branded TV set."

Gurman didn't mention details beyond that. In fact, the mention of the TV set came on the heels of a discussion around Apple's upcoming smart home device. Gurman's phrasing regarding the TV — "something [Apple] is evaluating" — is the key here. Gurman suggests that revisiting an Apple-branded TV might be dependent on the success of upcoming smart home devices, especially since HomeKit has been the least popular and least-supported platform of the three major choices.

Read more
The uncertain future cost of Apple’s Emergency SOS feature
Person holding iPhone 14 searching for Emergency SOS satellite.

It's been roughly two years since the launch of the iPhone 14 and its Emergency SOS via satellite feature. You might recall that during the first two years, Apple said it would be free to use but that it might require a subscription after that time, according to MacRumors. Last year, Apple extended the time limit by one more year, so you actually have until November 2025, when the trial period ends.

That's good news. The Emergency SOS feature is, quite literally, lifesaving. During April of this year, three university students lost their way in a canyon and used the feature to call for help. Another story arose in July where the feature came through once more in a moment of crisis. And if you keep digging, you'll find numerous other examples of how this tech is truly beneficial.

Read more
Apple’s smart home display already sounds like a convenience victory
Nest Hub Max

Over the past few weeks, rumors of Apple developing a smart display for home control have picked up pace. The company is said to be developing two versions, and one of them might even feature a robotic arm and revive an iconic Mac’s design. 

Now, Bloomberg has shared some juicy details about how the entry-level option will look and work. The device will offer a 6-inch screen with a square-ish format flanked by sensors, including a FaceTime camera in landscape orientation. 

Read more