TechCrunch has flagged a public AWS S3 bucket operated by a UAE-registered third-party site, UK Visa Portal (Active Leadgen LLC), that exposed at least 100,000 passport scans and selfies belonging to people who paid extra to apply for UK electronic travel authorizations. The site is not the official GOV.UK service; users could complete the same application directly on GOV.UK in minutes for free. The third party reportedly responded with legal threats instead of remediation. The dataset is now in the wild and creates substantial identity-document compromise risk - passport scans plus selfies enable KYC bypass against banks, exchanges, and government services.
Update on the ANTS breach we covered April 22: French police detained a 15-year-old on April 25, suspected of running the breach3d alias and stealing data from France Titres (ANTS), the agency that issues French ID cards, passports, and driver's licenses. The Paris Prosecutor's Office charged the minor on April 29 with three offenses carrying up to seven years in prison. ANTS now confirms 11.7 million accounts affected - lower than the original 19 million claim but still one of the largest leaks of French citizen identity data ever. Exposed data includes full names, email addresses, dates of birth, postal addresses, and phone numbers.