Deutsch
Español
Français
Italiano
Nederlands
Polski
Português
Русский
Türkçe
Svenska
Chinese
MagyarID verification company AU10TIX exposed ID information for users of Coinbase, Fiverr, LinkedIn, PayPal, and Upwork to hackers by failing to secure admin login for 18 months
Automated identity verification company AU10TIX, an Israeli company, has exposed personal identification information of users of Coinbase, Fiverr, LinkedIn, PayPal, Upwork, and more to hackers by failing to secure its own administrative login credentials for 18 months. AU10TIX had assumed it had secured this account 18 months ago but was recently informed that it had not – a glaring cybersecurity failure. The account credentials were stolen in 2022, then appeared in Telegram hacker communications in 2023. The account had access to the name, birthdate, nationality, ID type and number, and ID image of verified individuals.
Identity theft is a growing problem because hackers and thieves can easily steal the necessary information online quickly. Many companies have been hacked, including Equifax and Target, resulting in the theft of millions of pieces of personal identification information and the misuse of personal IDs by thieves to open fake loans, change ownership of homes and property, and worse. Typically, a stolen name and birthdate can do much harm. Add a US Social Security number, and hackers have all they need to take over an ID completely.
The idea behind automated identity verification is to ensure the people utilizing financial and work services are indeed who they claim to be. This ensures taxes are properly paid and that any complaints of poor work can be addressed with the correct individuals. AU10TIX has provided and continues to provide this service to many large companies. Some companies like Upwork have already dropped the use of AU10TIX while X recently signed on to become a client. The company claims to have fully addressed the problem and that no client data had been accessed.
For readers who have verified their identity on an affected service, it is critical to proactively place a credit freeze and review credit reports frequently for signs of identity theft. For financial service providers such as Coinbase, it is absolutely critical to change the current password, set up two-factor login, and strongly consider using offline cybercurrency wallets (like this one on Amazon) to prevent cybercoin thefts. For all services, passwords should be changed immediately and two-factor logins set up. Affected readers should also change the security PINs or passwords on their phone accounts, set up two-factor verification, and if possible, set up port-out blocking to prevent phone number theft and SIM card cloning.
