UK Visa Portal Exposes Thousands of Applicants' Passports and Selfies Online, Leak Unfixed

A significant security lapse has come to light involving "UK Visa Portal," a third-party website that has been publicly exposing the passports and selfie photos of individuals applying for UK immigration visas. TechCrunch revealed that this portal, which charges a fee for its services, has inadvertently made highly sensitive personal data accessible online, raising serious privacy concerns for thousands of applicants. An anonymous source alerted TechCrunch to the vulnerability, indicating that the website has exposed at least 100,000 documents. These documents include critical identification information such as passports and accompanying selfie photos, uploaded by users as part of their visa application process. Crucially, the "UK Visa Portal" is not affiliated with the official UK government, and many applicants have reportedly paid fees to this company mistakenly, believing it to be the official channel instead of the legitimate GOV.UK website. TechCrunch independently verified the data leak, confirming "UK Visa Portal" as the source and authenticating the exposed information by directly contacting affected individuals. The investigation revealed that the website lacks a clear mechanism for reporting security issues and provides no contact details for its management, complicating efforts to alert them to the breach. In an attempt to address the critical vulnerability, TechCrunch sent an email to the address listed on the portal's website, explaining the ongoing security lapse. Due to the extreme sensitivity of the exposed data, TechCrunch stressed that specific details could only be shared directly with the company's management to prevent potential misuse. The response came from the company's purported attorneys and PR firm, but despite further communication, TechCrunch has yet to establish contact with "UK Visa Portal" management. As of the latest reports, the security flaw remains unpatched, and the highly sensitive data continues to be exposed. TechCrunch emphasized that bringing this issue to public attention is vital for the safety of those who have used the company's services, while refraining from publishing precise details to minimize further risk. Applicants are strongly advised to use the official UK government website for electronic travel authorizations, unless specifically retaining an immigration attorney.