Nearly a million passports leaked online
Summary
The Verge reports a data-security incident where nearly a million passports and photo IDs were left publicly accessible via unprotected URLs tied to Cannabis Club Systems/Nefos PuffPal. A security researcher exposed insecure storage of passport photos, selfies, and other personal data, weak API security, and a public admin portal; Nefos has since shut down PuffPal and coordinated with authorities, but some data exposure persisted before fixes. The piece underscores the urgency of proper data protection, access controls, and breach disclosure in regulated jurisdictions.