Hundreds of passport applications exposed at diplomatic institution

Published: 21 May 2025
Last updated: 21 May 2025
Passport data leak and ID
Image by Cybernews.

Half a thousand passport applications exposed at the Libyan Consulate in Stockholm left an unprotected instance accessible to the public.

The Cybernews research team discovered an exposed Amazon Web Services (AWS) instance with nearly 550 filled-in passport applications. The now-closed instance was attributed to the Libyan Consulate in Stockholm, a part of the Libyan Embassy in Sweden.

As the application’s title might suggest, applicants needed to fill in numerous personal details to obtain the document, which means the very same details were left accessible. Attackers roam the net for unprotected services, often utilizing automated bots that scrape everything they can find.

ADVERTISEMENT
Stefanie justinasv Paulina Okunyte Konstancija Gasaityte profile
Be the first to know and get our latest stories on Google News
Google News Follow us

According to the team, the exposed instance revealed:

  • Full names
  • Dates of birth
  • Email addresses
  • Parental details

“With access to complete passport application details, cybercriminals may attempt to forge documents, commit immigration fraud, or engage in other fraudulent activities using stolen identities,” researchers claim.

Moreover, attackers could utilize stolen details for highly targeted phishing campaigns. For example, malicious actors could impersonate government agencies, demanding additional personal details or payments, or coax users into revealing more sensitive information.

“With access to complete passport application details, cybercriminals may attempt to forge documents, commit immigration fraud, or engage in other fraudulent activities using stolen identities.”

We have reached out to the Embassy of Libya in Sweden and will update the article once we receive a reply.

To prevent similar issues from taking place in the future, the team advises to:

ADVERTISEMENT
  • Change the access controls to restrict public access and secure the bucket.
  • Update permissions to ensure that only authorised users or services have the necessary access.
  • Retrospectively monitor access logs to assess whether the bucket has been accessed by unauthorised actors.
  • Enable server-side encryption to protect data at rest.
  • Use AWS Key Management Service (KMS) for managing encryption keys securely.
  • Enforce SSL/TLS for data in transit to ensure secure communication.
  • Consider implementing security best practices, including regular audits, automated security checks, and employee training.
  • Leak discovered: March 2nd, 2025
  • Initial disclosure: March 3rd, 2025
  • CERT contacted: March 10th, 2025
  • Leak closed: March 27th, 2025
Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT