Chennai-based document verification company Myeasydocs has exposed the data of thousands of Indian and Israeli students. The company was using a Microsoft Azure account to store documents and data collected from students. But they failed to implement any security measures on the account leaving data exposed and accessible to anyone.
VpnMentor’s research team led by Noam Rotem found this data breach and reported it to the company. The reported Azure account contained over 57,400 files including diplomas, certificates, academic details, and personal details. In total, the breach affects 10000 students.
The company also shared a screenshot of documents (with blurred details) it obtained from Myeasydoc’s Azure storage account.
The leaked private information includes full name, subject majors, national ID, university or college registration number, grads, email, and phone number. This personal data can be used to target students with phishing campaigns, or doxing. It can also lead to identity theft.
Myeasydocs could have avoided this breach if they secured their servers and added proper access rules. The incident will surely bring negative publicity and lead to loss of business.
