A German woman's passport and a Spanish man’s driver's license were just two of nearly one million identity documents left exposed on the public internet. The discovery by security researcher Sammy Azdoufal highlights how easily sensitive information can be accessed by anyone with a web browser.

The data came from a cloud system used in cannabis clubs, which allowed members to store their IDs and other personal details for quick access. However, the system was woefully insecure, leaving user profiles open to prying eyes via simple command lines.

Nefos Solutions, the Irish company behind the software, took months to address the issue fully. While they claim no data was accessed beyond what Azdoufal found, it’s clear that prioritizing business over security allowed these vulnerabilities to persist for far too long.

The incident serves as a stark reminder of how lax data protection can be and why stringent measures are essential even in industries handling sensitive information like medical records or financial transactions. The delay in action from Nefos shows the importance of immediate and comprehensive responses when such breaches are discovered.