Security researcher discovers unsecured database exposing vital documents and selfies

A cybersecurity expert, JayeLTee, has uncovered a significant data breach involving a large unsecured database linked to MyGiftCardSupply. The database contained over 600,000 images of sensitive documents like driving licenses and passports, as well as approximately 200,000 selfie photos. MyGiftCardSupply, a company selling digital gift cards, had left the data unprotected on Azure, potentially putting hundreds of thousands of users at risk.

The exposed information was part of a mandatory identity verification process known as Know Your Customer (KYC), aimed at preventing fraud. Despite the company’s requirement for KYC, this data was left vulnerable for an undisclosed period, leaving a possibility for threat actors to exploit it for illicit activities such as identity theft and fraud.

After being alerted by JayeLTee, MyGiftCardSupply took action to secure the database and pledged to conduct a thorough audit of their verification procedures. The company’s founder, Sam Gastro, assured that they would delete the files promptly after the verification process in the future. The database was secured on January 1, 2025, marking an essential step in safeguarding user information.

This incident serves as a reminder of the critical importance of securing sensitive data and the potential risks associated with online transactions.