UK Visa Portal Exposed Thousands of Passports and Selfies: TechCrunch Reveals
TechCrunch uncovered a massive data breach at UK Visa Portal, which exposed sensitive documents like passports and selfies of over 100,000 applicants. The site is not affiliated with the U.K. government.
Admin User

A shocking security lapse has been discovered at UK Visa Portal, a website that helps people apply for immigration visas to the United Kingdom. An anonymous tipster alerted us to the issue, revealing that the portal was exposing up to 100,000 documents from applicants who had uploaded their passports and selfies as part of the visa application process.
UK Visa Portal is not an official government website; in fact, some users reported mistakenly paying a fee for services through this site instead of using the official GOV.UK platform. The exposed data was secured overnight into Wednesday, following our initial report on the incident, but the sensitive nature of the information prompted TechCrunch to withhold specific details until now.
Not only has UK Visa Portal failed to address the issue proactively, but they also sent their legal team and public relations firm to TechCrunch instead. This move raises questions about their commitment to security and transparency. The exposure is particularly concerning as online identity verification methods are becoming more prevalent due to government initiatives.
What Was Exposed?
The data leak stemmed from a public Amazon-hosted storage server used by UK Visa Portal for user-uploaded documents. While the bucket was not publicly listing its contents, anyone who knew the web address of each file could access and view them. TechCrunch confirmed that UK Visa Portal was indeed responsible for the data breach and verified the authenticity of the exposed information by contacting affected individuals.
Many of these user-uploaded photos also contained precise location data, revealing where they were taken. In some cases, this location data was accurate enough to expose home addresses, adding an extra layer of privacy concern.
No Response from UK Visa Portal
Despite reaching out through the company’s official channels, TechCrunch has yet to hear back from UK Visa Portal's management team. The company initially sent its attorneys and public relations firm to handle inquiries instead of addressing the issue directly. TechCrunch attempted to share details with a manager named Michael Taylor but received no response.
UK Visa Portal is reportedly run by a company called Active Leadgen LLC, based in the United Arab Emirates. However, we could not independently verify this information. The website does not provide a way for users to report security issues or contact management directly.
Security Breach and Legal Implications
The incident highlights the risks associated with using third-party services for sensitive processes like visa applications. TechCrunch reached out to UK Visa Portal, providing them with questions about the breach's duration, reason, and potential impact on user data. Unfortunately, these inquiries remain unanswered.


