FB pixel

From face biometrics to ID forgeries: lax data security fuels ID fraud

From face biometrics to ID forgeries: lax data security fuels ID fraud
 

In a wave of data breaches over the last year, several organizations have carelessly exposed large troves of sensitive personal information, heightening fears of identity theft and fraud. In a step further than exposed data, 404 Media recently uncovered an underground site that sells videos and photos of real people to pass some biometric KYC checks for online services. The investigation reveals that these faces are being sold on the dark web and used to commit various forms of financial and identity fraud.

Fraudsters sometimes pay individuals to take photos and videos they can sell to others to carry out attacks, 404 reports, possibly in combination with fake ID document creation services like the recently-revealed OnlyFakes.

The creation and distribution of counterfeit identification documents using stolen personal information is not the only way identity verification is being compromised. In another recent incident, security systems company Blink recently exposed thousands of driver’s licenses and passports due to a security flaw. Cybernews reports that the breach was caused by a misconfigured Amazon Web Services (AWS) S3 bucket, which was left publicly accessible. The compromised data includes images of driver’s licenses, passports, and other identification documents uploaded by users for verification purposes.

Last year, Leverage Edu, an educational consulting firm, exposed over 100,000 student passports and other sensitive documents. The breach, also discovered by Cybernews, revealed that a misconfigured server allowed unauthorized access to a trove of personal information. The exposed data includes scanned copies of passports, academic records, and other personal details submitted by students seeking educational opportunities abroad.

Leverage Edu acknowledged the breach and assured affected individuals that steps are being taken to secure the compromised server and prevent future incidents. However, the exposure of such documents raised concerns about the potential for identity theft and fraud.

Adding to the growing list of data breaches, Evolve Bank & Trust and the LockBit ransomware group suffered a breach that impacted thousands of customers. According to a blog post by Socure, the breach involved unauthorized access to sensitive customer information, including social security numbers, account details, and transaction histories.

The implications of this breach were extensive, exposing fintech partners and their clients to a range of identity theft and fraud threats, from synthetic identity fraud to account takeovers.

Accordingly, Socure recommends service providers implement robust, passive liveness detection to protect against spoofed selfie biometrics.

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Edge computing firm Blaze IPOs, announces security deal with Vsblty

AI-powered edge computing company Blaize, known for its collaborations with biometric surveillance developers, went public on the Nasdaq on Tuesday….

 

Illinois to get mobile driver’s licenses in Apple Wallet by end of 2025

Illinois is “working to bring IDs in Apple Wallet to Illinois residents in the future with the goal of launching…

 

Singapore slaps app stores with age verification requirement for adult apps

Singapore will impose age assurance requirements on app stores starting in April 2025, blocking underage users from downloading social media…

 

Paravision’s next generation algorithm cracks top 5 on NIST FRTE 1:N benchmark

Facial recognition from San Francisco-based Paravision has landed in the global top 5 in the primary benchmark of the latest…

 

Age assurance legislation drives talk on how to create an age-aware internet

There are few hotter topics in biometrics and regulatory circles right now than the issue of age assurance as a…

 

Breach exposes privacy risk from de-anonymization of location data

Gravy Analytics, a prominent location data broker, has disclosed that a significant data breach potentially exposed through de-anonymization the precise…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events