UK Visa Portal Exposed Passports And Selfie Photos Of Over 100,000 Applicants

A website called UK Visa Portal publicly exposed passports and selfie photos of applicants who paid the site to obtain a U.K. immigration visa, after an anonymous source alerted TechCrunch to a security lapse.

“Trending: West Asia war updates Abraham Accords Europe heat IPL 2026 India-Canada trade pact Ranveer Singh row advertisement Fake UK Visa website leaks sensitive data of over 100,000 applicants FP Tech Desk _•_ May 27, 2026, 17:38:30 IST advertisement A fake UK visa website reportedly exposed over 100,000 applicants’ passport scans and selfie photos after masquerading as an official immigration portal Advertisement”

Firstpost

TechCrunch said the anonymous person reported that the website was exposing at least 100,000 documents from people who uploaded their passports and selfies as part of the application process.

TechCrunch

TechCrunch reported that the exposed data was secured overnight into Wednesday, hours after it published an initial story about the incident.

The leak stemmed from a public Amazon-hosted storage server, or bucket, where files were accessible and viewable to anyone who knew the web address of each file, even though the bucket was not publicly listing its contents.

TechCrunch said the person who notified it about the exposure described a bug on the UK Visa Portal website’s back end that allowed them to view the list of files contained in the bucket.

TechCrunch also reported that it verified the authenticity of the exposed data by contacting affected individuals to ask if their information was accurate.

TechRadar

Instead of fixing the issue after TechCrunch reached out, the company sent its attorneys and public relations firm to TechCrunch, and TechCrunch said it had still not heard back from UK Visa Portal’s management.

TechCrunch said UK Visa Portal does not provide a way to report security issues through its website, nor does its website provide names or contact information for the company’s management.

TechCrunch reported that many user-uploaded photos contained precise real-world location data, and in some cases the location data was accurate enough to expose the image taker’s home address.

“A website called UK Visa Portal publicly exposed thousands of passports and selfie photos of applicants who paid the site to obtain a U”

TechCrunch

TechRadar said the data exposure involved passports, photos, verification selfies, and other application information, and it described the cause as documents stored on an unsecured server without password protection.

TechRadar added that the issue was caused by a misconfigured cloud storage repository that was entirely public, and it said the directory structure allowed a predictable URL so attackers could guess or work out the link.

The SC Media brief similarly said the UK Visa Portal website lacked a clear process for reporting security issues or contacting management, while TechCrunch confirmed the data leak and verified the authenticity of the exposed information.