The unsecured database contained internal screenshots of source code as well as customer documents that were stored in uploads folders. These documents include: US Federal and State tax filings, passports, driver licenses, birth and marriage records, business documents, denied visa petitions, among other files from customers around the world. Upon further research, there were references and invoices linked to a NYC-based translation service provider, Kings of Translation.
Data breaches in translation companies can be significant as they handle sensitive information, including documents, personal data, and confidential business information. Such breaches can lead to serious consequences, including compromised client data, reputational damage, legal liabilities, and potential financial losses.
The database contained a total of 25,601 records. Kings of Translation purportedly used its own technology to let customers upload their documents and pay for the order automatically. I immediately sent a responsible disclosure notice to Kings of Translation.
I have never seen such a wide range of documents in a single database before. Some businesses handle more sensitive records than others, and usually the documents they collect and store are related to their specific business or industry. Documents that need to be translated are often of significant importance and may be required by foreign governments or educational institutions, or for acquiring crucial records such as birth, marriage, divorce, death certificates, among others.