Images of hundreds of passports and identity documents of journalists and volleyball players from around the globe were found hosted on a Microsoft Azure blob storage share that was publicly accessible to anyone, BleepingComputer reported.
Cyber threat intelligence researcher Bob Diachenko first discovered the exposure in November 2020. BleepingComputer later identified the documents as belong to reporters and well-known European volleyball players associated with the Confédération Européenne de Volleyball, or CEV – the continental governing body for the sport in Europe. The documents were uploaded as part of an accreditation process.
In January, the bucket and the sensitive files contained were secured and no longer publicly accessible. A CEV spokesperson acknowledged the incident in a message sent to BleepingReport after publication of the article, stating that the organization is "working internally and with our processor to improve on the security of personal data in all the tools we use, and to improve our response plan in case of security incidents."