Bethany Alvaro 
An investigation by researchers at The Guardian analysed seven platforms commonly used to upload sensitive lease documents, finding major gaps in digital security. These major exposure gaps set the scene for threat actors to easily swoop in and steal private data.
The research found that these platforms had extremely weak security, with predictable URL patterns or short links that could be easily guessed, and no authentication or login requirements.
As a result, the investigators surmise that unauthorised parties such as cyber criminals can easily access private data from these sites.
Despite the fact that these shortcomings are leading to lease agreements, identification documents (like passports and driver’s licences), payslips, references and other personal files being extremely exposed, most of the platforms have done little to act despite being informed of these vulnerabilities.
“It is appalling that months after being notified of these vulnerabilities, most companies have done nothing,” digital rights advocate Samantha Floreani told The Guardian.
“This is a blatant and disturbing disregard for the law and for people’s security.
“While these companies turn a profit by inserting themselves as intermediaries between renters, agents and landlords and collecting vast quantities of data, the benefits to renters are questionable at best.”
“To have no real choice but to use these platforms in order to access and retain housing, then to have the information you are forced to hand over left unprotected, adds insult to injury in an already deeply dehumanising system.”
However, some platforms have responded to the research and reportedly strengthened their response to digital threats, such as Inspection Express.
“Inspection Express does not make customer documents publicly discoverable or indexable by Google or other search engines,” a spokesperson said.
“Documents are accessed via controlled links and are not published to the open web by our platform, and our review did not identify any open web discovery.
“The enhancements include document links that automatically expire after a limited number of accesses or a defined time window, along with additional restrictions on link sharing and copying.”
The full investigation by The Guardian is available here.