Exposed Admin Credentials at AU10TIX: A Hacker’s Playground for a Year

AU10TIX, an ID verification company for TikTok, X, and Uber, exposed admin credentials for over a year, risking user identities. Mossab Hussein from spiderSilk first spotted the breach. Hackers could access names, birthdates, and ID images, fueling identity theft. AU10TIX claims no evidence of exploitation but is upgrading security.

3P
Published: June 26, 2024 5:20 pmAdded: June 26, 2024 at 10:31 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like AU10TIX just learned that even a company specializing in ID verification can’t skip the “verify your own security” step. Hackers must feel like they hit the jackpot with this one – it’s like finding the keys to the kingdom under the welcome mat!

Key Points:

  • AU10TIX left administrative credentials exposed for over a year.
  • The exposure was discovered by spiderSilk’s chief security officer, Mossab Hussein.
  • Credentials led to a logging platform with links to identity documents.
  • Potential hacker activity noted, credentials appeared on Telegram.
  • AU10TIX claims no evidence of data exploitation but is upgrading their system.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?