[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-nearly-a-million-passports-exposed-on-public-web-servers":10},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":30,"persona_id":22,"persona_name":22,"section":22,"tags":31,"sources":35,"feedback":39,"feedback_at":22,"cost_usd":39,"total_tokens":39},648,"nearly-a-million-passports-exposed-on-public-web-servers","Nearly a million passports exposed on public web servers","A misconfigured server run by Cannabis Club Systems left passport and ID scans publicly accessible, prompting a rapid response from the provider.","A misconfigured server hosted by Cannabis Club Systems exposed almost a million passport and photo ID scans on the public internet.\n\nThe data appeared at plain URLs without any password protection. The files included full passport scans from a German woman, a Spanish man, and driver’s licenses with front and back images. The issue was first reported on June 10, 2026, after a researcher stumbled upon the open links. Cannabis Club Systems’ spokesperson, Sammy Azdoufal, told the outlet the files would be taken down \"as fast as possible\" because they could be resold and cause damage.\n\nThe leak highlights how even niche service providers can become a source of identity theft if they neglect basic security controls. With so many personal identifiers available, fraudsters can fabricate false documents or sell the data to anyone willing to pay.\n\nWhile the provider acted quickly to remove the files, the incident serves as a reminder that any organization handling sensitive scans must enforce authentication and encryption, or risk turning their customers into easy targets.","[\"privacy\",\"data-breach\",\"identity-theft\"]","2026-06-10T21:55:00.000Z","2026-06-10T22:38:53.645Z","2026-06-10T22:38:59.302Z","published",null,[24],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"Add concrete details such as the name of the data-hosting service, the date of the discovery, and any statements from the provider; clarify the exact number of records and include supporting context rather than generic risk language.","resolved","https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fnearly-a-million-passports-exposed-on-public-web-servers.webp",[32,33,34],"privacy","data-breach","identity-theft",[36],{"name":37,"url":38},"The Verge","https:\u002F\u002Fwww.theverge.com\u002Ftech\u002F947157\u002Fpassports-data-breach-cannabis-club-systems-nefos-puffpal",0]