A major security lapse has reportedly exposed sensitive personal information belonging to thousands of individuals who used a website known as UK Visa Portal to process immigration-related applications.

The exposed information included passport photographs, selfie images, and location data uploaded by applicants during the visa process.

Reports indicate that the data was accessible through a publicly exposed Amazon-hosted storage server used by the platform.

Although the files were not openly indexed, individuals with access to specific web addresses could reportedly view the documents without authorization.

The website involved is not affiliated with the United Kingdom government, and some users are said to have mistakenly used the service instead of the official government immigration portal.

The exposed records were reportedly secured shortly after the issue became public knowledge.

Technology investigators confirmed the authenticity of the leaked information after contacting affected individuals.

In some cases, embedded location data within uploaded photographs allegedly revealed highly precise residential locations of users.

Concerns have also emerged regarding the company’s handling of the incident. Reports suggest that the organization did not immediately respond to security warnings and instead referred inquiries to legal representatives and public relations consultants.

Questions remain over whether affected users will be formally notified about the exposure of their personal information.

Cybersecurity experts warn that incidents involving leaked passports and identity documents have become increasingly common due to poor server configurations and weak data protection practices.

Observers say the situation highlights the growing importance of stronger cybersecurity measures, especially as digital identity verification systems become more widespread globally.

Source: TechCrunch