A major cybersecurity and privacy scare has emerged after a report revealed that a fake UK visa application website allegedly exposed sensitive personal documents belonging to more than 100,000 people online.
According to TechCrunch, the site — called “UK Visa Portal” — reportedly left passport scans and selfie photographs publicly accessible due to a serious security lapse that had not been fixed even after being reported.
The platform is not affiliated with the official GOV.UK visa application system, but some users allegedly mistook it for a legitimate government service and paid fees through the site instead of using the official portal.
The leaked files reportedly included copies of passports and identity selfies uploaded by applicants during the visa process. TechCrunch said it verified the authenticity of some of the exposed documents by contacting affected individuals directly.
Cybersecurity experts warn that breaches involving identity documents are particularly dangerous because criminals can use the information for identity theft, financial fraud, phishing scams and social engineering attacks.
The incident also highlights how AI-powered scams are becoming more sophisticated. Fraudsters can now create convincing fake websites, automated customer support systems and highly personalised phishing attacks that closely resemble genuine government or corporate services.
Security specialists continue to advise users to:
- Always verify website addresses before uploading personal documents
- Use only official government portals for visa or immigration applications
- Check for official domains such as “.gov.uk” in the UK
- Avoid sharing passport copies or selfies with unverified third-party platforms
- Enable identity monitoring and report suspicious activity immediately if data may have been exposed
The case adds to growing global concerns over online identity fraud and the misuse of personal data as cybercriminals increasingly exploit AI tools to scale scams and impersonation attacks.
