I’m running into the ID verification problem too! I uninstalled the app and when I reinstalled, I couldn’t find my 2FA code in Microsoft Authenticator. Now I need to submit my government ID and do the face scan stuff.

I’m very much against all the ID verification stuff as of late, for the same reason you state… I asked a friend to give me a PDF export of my profile and I’ll maybe come back when the ID verification requirement changes.

If your house plumbing is leaking, its not a leak to you unless you see it? How do you know it hasn’t been accessed?

Thankfully we don’t need to rely on your definition of a data leak: https://www.fortinet.com/resources/cyberglossary/data-leak

A data leak happens when an internal party or source exposes sensitive data, usually unintentionally or by accident.

This is sensitive data that’s accidentally been exposed on the internet. That is a leak. You are misinformed on what a data leak is.

It’s not misleading. A database of personally identifiable information being exposed on the internet is a data leak. Personally identifiable information is legally required to be protected, while an exposed database on the internet is about as far from ‘protected’ as you can get.

The article and title make no claim to active selling or known exploitation of the data, but to write this off as nothing would be a mistake. Are you sure that only the Cybernews team found it?

The Cybernews team discovered the exposed MongoDB instance on November 11th, 2025 and immediately notified IDMerit. The company secured the database by November 12th.

We don’t know how long it was exposed for prior to it being discovered on the 11th - it might’ve been that day, it might’ve been a few months.