Major Turkish car rental service provider Rent Go had data from more than 161,000 customers exposed due to an unsecured Azure Blob Storage instance, reports Cybernews.
Such misconfigured instance, which may have been open for at least a month before its discovery in November, included driver's licenses, government-issued IDs, and other identification documents from customers who have sought RentGo services since August 2019, including those from other countries in the European Union, according to Cybernews researchers.
Despite being notified regarding the exposed instance, RentGo has still not blocked unauthorized access, noted researchers, who also emphasized the security risks accompanying the data leak.
"This leak poses a significant threat as malicious actors could potentially engage in identity theft, fraudulent activities, or even sell documents on the dark web, leading to severe financial and personal security implications for the affected customers," said researchers.
