Fake UK Visa Site Exposed 100,000 Passports and Selfies on Public AWS Server
A third-party UK visa application site, UK Visa Portal, operated by UAE-based Active Leadgen LLC, left over 100,000 passport scans and selfies exposed on an unsecured Amazon Web Services (AWS) server. The site, which charges fees for processing electronic travel authorizations, is not affiliated with the official UK government platform (GOV.UK), where applications are free and take minutes to complete.
The breach was discovered after an anonymous tipster alerted TechCrunch to the exposure, revealing that while the AWS bucket did not publicly list its contents, individual files remained accessible to anyone with the direct web address. A backend bug on the site allowed unauthorized access to the file inventory. TechCrunch verified the leak by contacting affected individuals, confirming the authenticity of the exposed data.
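An added example (not from TechCrunch or the site operator) of the exposure pattern described above: a static check that reports when a bucket policy lets anonymous callers fetch objects by key while withholding a listing. The page does not say how the bucket was configured; a bucket policy rather than object ACLs is assumed, and the policy, bucket name and account ID are constructed.

```python
import fnmatch
import json

# Constructed sample policy (not from the incident): anonymous GetObject on
# every key, but ListBucket only for an application role.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-uploads/*"},
  {"Sid": "AppList", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
   "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::example-uploads"}
]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True when the statement's Principal is the wildcard (anyone)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def _grants(statement, action):
    """True when any Action pattern in the statement covers `action`."""
    return any(fnmatch.fnmatchcase(action.lower(), pat.lower())
               for pat in _as_list(statement.get("Action", [])))

def anonymous_exposure(policy, restrict_public_buckets=False):
    """Report what an unauthenticated caller can do under this policy."""
    result = {"read_objects": False, "list_bucket": False}
    if restrict_public_buckets:
        # Block Public Access (RestrictPublicBuckets) overrides public policies.
        return result
    for st in _as_list(policy.get("Statement", [])):
        # Deny and conditioned statements are not evaluated; review those by hand.
        if st.get("Effect") != "Allow" or st.get("Condition"):
            continue
        if not _is_anonymous(st.get("Principal")):
            continue
        result["read_objects"] |= _grants(st, "s3:GetObject")
        result["list_bucket"] |= _grants(st, "s3:ListBucket")
    return result

if __name__ == "__main__":
    print(anonymous_exposure(SAMPLE_POLICY))
```

A result with `read_objects` true and `list_bucket` false is the state the report describes: nothing can be enumerated, yet every object is one leaked URL away from disclosure.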
The compromised files included not only passport scans but also selfies with embedded GPS coordinates, potentially revealing users’ home addresses. This combination of personal data (passport numbers, facial images, and location details) poses severe identity theft risks, particularly as governments expand online identity verification systems.
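An added example (not part of the original report) of the mitigation the embedded GPS coordinates point to: dropping the Exif metadata segment from a JPEG at upload time, before it is stored. The sample file is a constructed byte string with a placeholder Exif payload, and the function names are hypothetical.

```python
import struct

EXIF_MAGIC = b"Exif\x00\x00"

def _segment(marker, payload):
    """Build one JPEG segment: 0xFF, marker byte, 2-byte length, payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed stand-in for an uploaded selfie: structurally a JPEG, with a
# placeholder APP1/Exif payload where real GPS tags would sit.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xE1, EXIF_MAGIC + b"<constructed TIFF block with GPS IFD>")
    + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34"
    + b"\xff\xd9"
)

def strip_exif(jpeg):
    """Return (cleaned_bytes, removed_count) with APP1 Exif segments dropped."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    out, removed, pos = bytearray(jpeg[:2]), 0, 2
    while pos < len(jpeg):
        if pos + 4 > len(jpeg) or jpeg[pos] != 0xFF:
            raise ValueError("malformed segment header at offset %d" % pos)
        marker = jpeg[pos + 1]
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError("segment length out of bounds at offset %d" % pos)
        if marker == 0xDA:
            # Start of scan: compressed image data follows; copy the rest as-is.
            out += jpeg[pos:]
            return bytes(out), removed
        body = jpeg[pos + 4:end]
        if marker == 0xE1 and body.startswith(EXIF_MAGIC):
            removed += 1  # drop the whole Exif segment, GPS tags included
        else:
            out += jpeg[pos:end]
        pos = end
    raise ValueError("no start-of-scan marker found")

if __name__ == "__main__":
    cleaned, removed = strip_exif(SAMPLE_JPEG)
    print(removed, len(SAMPLE_JPEG), len(cleaned))
```

XMP packets, which also travel in APP1 segments under a different header, can carry location fields too and are not removed by this check.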
When TechCrunch attempted to notify the company, UK Visa Portal’s support team directed them to a manager who never responded. Instead, the company’s legal representatives (BakerHostetler) and PR firm (FTI Consulting) engaged, though neither provided verified authorization to address the issue. TechCrunch refused to share details with unverified parties to prevent potential misuse of the exposed data.
The AWS bucket was secured the night after TechCrunch published its report, but the company has not disclosed how long the server remained exposed or whether any unauthorized access occurred. Subsequent questions from TechCrunch, including the duration of the exposure, the cause, and whether logs existed to track data access, went unanswered. The incident highlights the risks of third-party visa processing services and the challenges of responsible disclosure in cybersecurity breaches.
UK Visa Portal TPRM report: https://www.rankiteo.com/company/visa-portal-international
Active Leadgen LLC TPRM report: https://www.rankiteo.com/company/proactive-health-solutions-pty-ltd
"id": "vispro1779972414",
"linkid": "visa-portal-international, proactive-health-solutions-pty-ltd",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '100,000+',
'industry': 'Travel/Immigration Services',
'location': 'UAE',
'name': 'UK Visa Portal (Active Leadgen LLC)',
'type': 'Third-party visa processing service'}],
'attack_vector': 'Misconfigured AWS S3 Bucket',
'data_breach': {'file_types_exposed': ['Images (passport scans, selfies)'],
'number_of_records_exposed': '100,000+',
'personally_identifiable_information': 'Passport numbers, '
'facial images, GPS '
'coordinates',
'sensitivity_of_data': 'High (PII, biometric data, location '
'data)',
'type_of_data_compromised': ['Passport scans',
'Selfies with GPS coordinates']},
'description': 'A third-party UK visa application site, *UK Visa Portal* '
'operated by UAE-based Active Leadgen LLC left over 100,000 '
'passport scans and selfies exposed on an unsecured Amazon Web '
'Services (AWS) server. The site, which charges fees for '
'processing electronic travel authorizations, is not '
'affiliated with the official UK government platform (GOV.UK). '
'The breach was discovered after an anonymous tipster alerted '
'*TechCrunch* to the exposure, revealing that while the AWS '
'bucket did not publicly list its contents, individual files '
'remained accessible to anyone with the direct web address. A '
'backend bug on the site allowed unauthorized access to the '
'file inventory. *TechCrunch* verified the leak by contacting '
'affected individuals, confirming the authenticity of the '
'exposed data.',
'impact': {'brand_reputation_impact': 'Severe (unaffiliated with UK '
'government, lack of transparency)',
'data_compromised': '100,000+ passport scans and selfies',
'identity_theft_risk': 'High (passport numbers, facial images, GPS '
'coordinates)',
'legal_liabilities': 'Potential (GDPR, identity theft risks)',
'systems_affected': 'AWS S3 bucket, UK Visa Portal backend'},
'investigation_status': 'Ongoing (limited cooperation from company)',
'lessons_learned': 'Risks of third-party visa processing services, challenges '
'of responsible disclosure, importance of securing cloud '
'storage and backend systems.',
'post_incident_analysis': {'corrective_actions': 'AWS bucket secured '
'post-disclosure; no further '
'details provided.',
'root_causes': 'Misconfigured AWS S3 bucket, '
'backend bug allowing unauthorized '
'file access, lack of '
'monitoring/logging.'},
'recommendations': ['Implement strict access controls for cloud storage (AWS '
'S3 buckets).',
'Regularly audit backend systems for vulnerabilities.',
'Establish clear incident response protocols, including '
'verified communication channels.',
'Avoid charging fees for services available for free on '
'official government platforms.',
'Enhance transparency and customer trust through '
'proactive disclosure.'],
'references': [{'source': 'TechCrunch'}],
'regulatory_compliance': {'regulations_violated': ['Potential GDPR '
'violations']},
'response': {'communication_strategy': 'No direct response to *TechCrunch*; '
'unverified legal/PR engagement',
'containment_measures': 'AWS bucket secured after *TechCrunch* '
'report',
'third_party_assistance': 'BakerHostetler (legal), FTI '
'Consulting (PR)'},
'title': 'Fake UK Visa Site Exposed 100,000 Passports and Selfies on Public '
'AWS Server',
'type': 'Data Exposure',
'vulnerability_exploited': 'Unsecured AWS bucket with direct file access via '
'backend bug'}