Nearly a million passports and photo IDs were left unprotected on the public internet

A report found that nearly a million scans of passports, driver’s licenses, and other identity documents were accessible through public URLs without authentication. The exposed files could be viewed by anyone with the link, creating risks of fraud, resale, and identity theft.

The incident highlights how basic cloud storage and web access misconfigurations remain a major source of data breaches. As companies collect more ID scans for verification, stronger controls around document storage and retention are becoming a critical compliance and trust issue.

Typing a few letters and numbers into my web browser, I find myself gaping at the identity documents of complete strangers. The passport of a young woman from Germany. The passport of a man from Spain with glasses resting on his head. The front and back of another man's driver's license, a stereotypically goofy expression on his face. They were all sitting unprotected at public URLs, with no password or access control of any sort. If I sent you a link, you could have looked at someone's passport. "We have to do something about it as fast as possible, because people will find this and resell it. It will do damage," Sammy Azdoufal told me i … Read the full story at The Verge.