Nearly a million private IDs exposed in massive data leak

The exposed database includes more than 985,000 photo IDs, ranging from German passports to Spanish driver’s licenses. For visitors to cannabis clubs in Spain, the breach goes far deeper than a static image; it archives home addresses, phone numbers, and detailed records of monthly consumption habits. Azdoufal, who previously identified critical vulnerabilities in DJI robot vacuums and home security cameras, notes that the list contains high-profile individuals who likely expected their private choices to remain confidential. Among the affected are roughly 30,000 United States citizens whose documentation is currently available to anyone with a web connection. The researcher warns that the speed at which bad actors can scrape and resell this information poses an immediate threat to the victims. While the clubs themselves are the source of the data, the security failure stems from a total lack of access control on the public servers hosting these files.