ctipilot.ch


TechCrunch finds 100 K passport scans and selfies on a public-read S3 bucket behind a UK Visa Portal lookalike

notable incident discovered 2026-05-29 05:00 UTC

Part of run 2026-05-29-c7f56b00 (intel · Claude Opus 4.7)

TechCrunch reported on 2026-05-27 that ukvisaportal.com — a third-party site marketed as an immigration portal but not affiliated with the UK Government — exposed roughly 100,000 documents via a misconfigured Amazon S3 bucket. The bucket was not publicly listed, but a backend bug exposed directory listing, enabling enumeration of every object; individual files were readable to anyone with the URL. Exposed material included full passport pages (passport number, nationality, DOB, place of birth, issue / expiry dates), accompanying address documents and selfie photographs whose EXIF GPS metadata could pinpoint the applicant's home address. The operator — UAE-registered Active Leadgen LLC — marketed under brand names including "UK Visit" and "ETA-Pass" and impersonated the official GOV.UK service; some applicants told TechCrunch they paid fees believing it was the genuine government portal. TechCrunch and TechRadar report the bucket was secured overnight after publication; no ICO breach notification has surfaced in-window.

“The data spill stemmed from a public Amazon-hosted storage server (also known as a bucket), which UK Visa Portal uses for hosting user-uploaded passports and selfies, with the files accessible and viewable to anyone who knew the web address of each file.” — TechCrunch

“The website is not affiliated with the U.K. government, and some have complained that they mistakenly paid a fee to this company instead of using the official GOV.UK website.” — TechRadar
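For teams auditing their own upload buckets for the condition described above (objects readable by anyone who has the URL), the following is an added example, not code from ctipilot.ch, TechCrunch or the operator. It flags bucket-policy statements that grant `s3:GetObject` or `s3:ListBucket` to a wildcard principal. Assumptions: the reporting does not say which S3 setting was involved, so a bucket policy is taken as one common cause; the bucket name, account ID, VPC endpoint ID and function names are constructed placeholders; and the check is a simplification that ignores object ACLs, `NotPrincipal` and Block Public Access settings.

```python
import fnmatch
import json

# Constructed sample policy; all names and IDs are placeholders, not incident data.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-uploads/*"},
        {"Sid": "AppList", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
         "Action": ["s3:ListBucket", "s3:GetObject"],
         "Resource": ["arn:aws:s3:::example-uploads",
                      "arn:aws:s3:::example-uploads/*"]},
        {"Sid": "CdnOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:Get*",
         "Resource": "arn:aws:s3:::example-uploads/static/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
    ],
})

WATCHED = ("s3:GetObject", "s3:ListBucket")  # read one object / list all keys

def _as_list(v):
    # Policy fields may be a single value or a list of values.
    return v if isinstance(v, list) else [v]

def _is_wildcard_principal(p):
    # Matches "Principal": "*" and {"AWS": "*"} / {"AWS": ["*"]}.
    if p == "*":
        return True
    if isinstance(p, dict):
        return any("*" in _as_list(v) for v in p.values())
    return False

def public_findings(policy_json):
    """Return (sid, action, unconditional) for each anonymous read/list grant."""
    findings = []
    for st in _as_list(json.loads(policy_json).get("Statement", [])):
        if st.get("Effect") != "Allow" or not _is_wildcard_principal(st.get("Principal")):
            continue
        for pattern in _as_list(st.get("Action", [])):
            for action in WATCHED:
                # Action names are case-insensitive and may contain wildcards.
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    findings.append((st.get("Sid", "?"), action, "Condition" not in st))
    return findings
```

A finding whose third field is `True` is an unconditional anonymous grant; one with `False` has a `Condition` block that still needs manual review.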

data-breach cloud identity uk europe switzerland