Nearly a million passports and photo IDs were left unprotected on the public internet

Welcome • User Guide
ToS • Privacy • Canary
Donate • Bugs • License

©2026 Poal.co

314

•

Nearly a million passports and photo IDs were left unprotected on the public internet (archive.today)

Source: https://www.theverge.com/tech/947157/passports-data-breach-cannabis-club-systems-nefos-puffpal

From the post:

>Typing a few letters and numbers into my web browser, I find myself gaping at the identity documents of complete strangers. The passport of a young woman from Germany. The passport of a man from Spain with glasses resting on his head. The front and back of another man’s driver’s license, a stereotypically goofy expression on his face. They were all sitting unprotected at public URLs, with no password or access control of any sort. If I sent you a link, you could have looked at someone’s passport.

Source: https://www.theverge.com/tech/947157/passports-data-breach-cannabis-club-systems-nefos-puffpal From the post: >>Typing a few letters and numbers into my web browser, I find myself gaping at the identity documents of complete strangers. The passport of a young woman from Germany. The passport of a man from Spain with glasses resting on his head. The front and back of another man’s driver’s license, a stereotypically goofy expression on his face. They were all sitting unprotected at public URLs, with no password or access control of any sort. If I sent you a link, you could have looked at someone’s passport.

[–] • 1 pt

But he does point the finger at 9Series, an outsourcing firm he claims was responsible for developing the PuffPal app and creating all the vulnerable APIs it used to pull unprotected data from Nefos’ user database. (9Series did not have a response by publish time.)

Pajeets.

link