Nearly a million passports and photo IDs from multiple European countries were exposed on public web servers without any authentication, encryption, or access controls, allowing anyone with a URL to access these sensitive documents for months. The data, collected for age verification by the company Nefos and associated cannabis clubs, remained vulnerable due to critical security misconfigurations, raising significant risks of identity theft and document fraud for affected individuals. This incident highlights severe failures in data stewardship and compliance with established security standards for handling identity verification information.
Nearly a Million Passports Just Exposed on the Public Internet—and Anyone Could Access Them with a Simple URL
