An unnamed online company that allows users to obtain copies of US birth and death certificates has exposed more than 752,000 applications — including personal information — online, TechCrunch reports.
UK-based penetration testing company, Fidus Information Security, found the exposed data, which was stored on an Amazon Web Services (AWS) storage bucket. Even worse, the bucket was not protected with a password.
Upon finding the data, Fidus reached out to TechCrunch who verified the information, which includes:
- Applicant’s names
- Current home address
- Email address
- Phone number
- Past addresses
- Names of family members
- The reason for the application
Also worth noting, TechCrunch and Fidus reached out to the company, but in response, only received automated messages and no action was taken.