Back

UK Visa Portal Data Leak Exposes Thousands of Passports and Selfies

Severity: High (Score: 68.0)

Sources: Zeenews.India, Techcrunch, Feeds.Feedburner

Published: 2026-05-27 · Updated: 2026-05-27

Keywords: visa, portal, leak, applicants, data, passports, your

Summary

The UK Visa Portal has leaked sensitive personal information, including passports and selfies, of at least 100,000 applicants. This third-party website, which is not affiliated with the UK government, has exposed data due to a security misconfiguration in its Amazon-hosted storage. The leak affects individuals who applied for UK immigration visas, particularly impacting Indian applicants who frequently use the service. Despite being notified, the company has not addressed the security issue, raising concerns about identity theft and cyber fraud. The lack of a proper reporting mechanism for security issues further complicates the situation. Affected individuals are advised to monitor their personal information for suspicious activity. The incident highlights vulnerabilities in third-party visa processing systems. Key Points: • UK Visa Portal exposed sensitive data of over 100,000 applicants due to a security flaw. • The website is not affiliated with the UK government, leading to confusion among users. • The company has not responded to notifications about the ongoing security issue.

Detailed Analysis

**Impact** At least 100,000 visa applicants worldwide, including a significant number from India, had sensitive personal data exposed, including passport copies and selfie photos. The affected individuals span sectors such as higher education, skilled work, and tourism. The leak potentially enables identity theft, cyber fraud, phishing attacks, and misuse of fake documentation. The incident also impacts trust in digital visa processing systems and may cause financial and reputational damage to the third-party service provider. **Technical Details** The data exposure resulted from a misconfigured Amazon-hosted storage bucket used by UK Visa Portal, allowing unauthorized access to passport and selfie files via predictable URLs. A backend bug enabled enumeration of the bucket contents, exposing file lists and metadata, including geolocation embedded in some photos. There is no evidence of an external cyberattack or malware use; the issue stems from poor configuration and insecure backend design. The leak was reported by an anonymous source and remains unpatched. **Recommended Response** Immediately audit and secure cloud storage configurations to prevent unauthorized access, including restricting public access to sensitive buckets. Implement secure backend controls to prevent file enumeration and exposure of metadata such as geolocation. Notify affected individuals and relevant regulators as required by data breach laws. Monitor for phishing or fraud attempts targeting exposed individuals and advise users to verify official visa application channels.

Source articles (4)

  • UK Visa Portal spilled thousands of applicants’ passports and selfies online — and hasn’t fixed the leak — Techcrunch · 2026-05-26
    A website called UK Visa Portal is publicly exposing the passports and selfie photos of applicants who signed up and paid the site to obtain a U.K immigration visa, TechCrunch has learned. An anonymou…
  • Is your visa data safe? UK portal leak raises concerns for Indian applicants; Details here — Zeenews.India · 2026-05-27
    Visa data leak : As India remains one of the largest contributor to UK visa applications each year, especially in categories like higher education, skilled work and tourism. Consequently, this inciden…
  • UK Visa Portal exposes passport and selfie photos of applicants — Feeds.Feedburner · 2026-05-27
    A website called UK Visa Portal is publicly exposing the passports and selfie photos of applicants who paid the site to obtain a U.K. immigration visa, based on information published by TechCrunch. An…
  • UK Visa Portal exposed thousands of applicants’ passports and selfies — Techcrunch · 2026-05-27
    A website called UK Visa Portal publicly exposed thousands of passports and selfie photos of applicants who paid the site to obtain a U.K. immigration visa, TechCrunch has learned. An anonymous person…

Timeline

  • 2026-05-26 — TechCrunch reports on data leak: TechCrunch reveals that UK Visa Portal is exposing thousands of passports and selfies due to a security misconfiguration.
  • 2026-05-27 — UK Visa Portal leak confirmed: The leak is confirmed to involve at least 100,000 documents, including sensitive personal information.
  • 2026-05-27 — Zeenews reports on impact for Indian applicants: Zeenews highlights the significant concerns for Indian applicants affected by the data leak.

Related entities

  • Data Breach (Attack Type)
  • Phishing (Attack Type)
  • UK Immigration Services (Company)
  • UK Visa Portal (Company)
  • Education (Company)
  • India (Country)
  • Japan (Country)
  • Russia (Country)
  • United Arab Emirates (Country)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • T1566 - Phishing (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed