UK Visa Portal: Major data leak on incorrect ETA application page

For entry into Great Britain, an entry permit called “ETA” (Electronic Travel Authorisation) has often been required since last spring. In addition to the official website gov.uk/eta, numerous opportunists have since launched their application pages online with significantly inflated prices. One of these sites has now stored hundreds of thousands of documents from applicants openly on the internet.

This is reported by TechCrunch. According to the report, at least 100,000 documents were accessible in an Amazon cloud storage (bucket) from applicants who uploaded their ID and selfies as part of the application process, for example. The name of the affected website is reportedly “UK Visa Portal.” The data was secured on Tuesday night and is no longer easily accessible.

The Amazon bucket did not list the uploaded data directly; the data was only accessible if the address was known. However, the backend behind the “UK Visa Portal” website apparently revealed it, making access possible. According to the report, the site is also accessible under “UK Visit” and “ETA-Pass.” A spot check by TechCrunch confirmed the authenticity of the data; the medium has contacted some affected individuals.

Possible identity theft

With the copies of identification documents, attackers can commit identity theft, for example. The additional data also facilitates more realistic-looking phishing. Anyone who has used these websites to submit their ETA application should therefore exercise particular caution in the future.

These websites have already been a reason for warnings, for example by the LKA Niedersachsen or consumer protection agencies. These websites are usually at least overpriced and charge many times the actual fees. The LKA also warned of fraudulent websites.

(dmk)