Over 80,000 ID Cards and Fingerprint Scans Exposed in Cloud Leak
TronicsXchange, a US-based electronics retailer, has reportedly exposed over 2.6 million files. Website Planet researchers were the first to uncover the security snafu when they discovered a misconfigured AWS S3 bucket containing troves of sensitive information, including ID cards, fingerprints, and other biometric data. The bucket was found on October 12, and researchers immediately contacted the electronics company.
Within the database, there were roughly 80,000 images of driver’s licenses and 10,000 fingerprint scans. Both of these contain highly valuable information for hackers and threat actors to utilize. License photos exposed full name, address, birthdays, photo of the individual, and other data. According to TronicsXchange stores, the leaked data mostly belongs to Californians who visited their retail stores between the years of 2012 and 2015. It is unclear whether threat actors accessed the data before it was taken down.