UK Visa Portal Exposes Hundreds of Thousands of Applicant Documents in Data Leak
Hundreds of thousands of personal documents from applicants for the UK's new Electronic Travel Authorisation (ETA) were accessible online. The leak occurred on a fraudulent website charging inflated prices for ETA applications.
A significant data leak has emerged from a fraudulent website handling hundreds of thousands of applications for UK entry permits. The site, operating under the name "UK Visa Portal," offered Electronic Travel Authorisations (ETA) at substantially higher prices than the official channel and stored uploaded applicant documents openly in a cloud storage system.
Reports indicate that at least 100,000 documents, including copies of identification and selfies, were stored in an Amazon cloud storage bucket. Access was possible if the specific address of the stored data was known. Multiple websites, including "UK Visit" and "ETA-Pass," reportedly shared the same backend system, leading to the data's exposure.
The data breach has raised concerns about identity theft. Criminals could potentially use the leaked identification documents to create convincing phishing scams or engage in other illicit activities. Individuals who used these sites for their ETA applications are advised to exercise heightened caution.
Security firms and consumer protection agencies have previously warned about similar unofficial ETA application sites, often noting price gouging and fraudulent practices. German law enforcement (LKA Niedersachsen) has also cautioned the public about these services.