AI Helps Hacker Discover friends Identity in Leaked DJI Customer Data Privacy Nightmare

AI Helps Hacker Discover friends Identity in Leaked DJI Customer Data Privacy Nightmare

A message from a friend who, well, er um did something big.

Something we’ve wanted to do for years is share the censored ID’s and Passport photos (leaked from customers, and staff alike) that came off DJI AWS leak, but it is SOOO hard to do manually, and I’m just now getting enough compute power to censor large chunks, it’s just so time consuming. Once done they all have to be spot checked again anyway. Also AI is awful with brown folks faces… just gonna put that out there.

Um… also I just ran across someone I personally know, that I missed before!

This story from last night is wild! I decided to let NVIDIA AI process some of the ID’s and Passports collected during the 2017 DJI AWS dump. Every day folks ask me for “proof”, or “evidence” of wrong doing, or “privacy”, and “security” issues. I thought I’d take one last stab at proliferating information by sharing censored ID’s and Passports since it was U.S. House of Representatives CCP Drone Act / NDAA eve, and all.

I was NOT prepared to find David Kovar‘s young face staring back at me as I checked an error in my code. (The red is what my code missed in censoring). There was a little “C Kovar” peeking out between black box redactions. I was like “HOLY CRAP! There is only ONE C Kovar on this earth that would be in this”.
Quickly checking the raw image revealed a friend smiling back at me. I immediately picked up the phone.

Me: <texts David> (no answer)
Me: <calls David>
Me: “uhh sorry this is really important”… “where did you live from 2009 – 2013” (really hoping you’d say ‘small town USA’)
David: “small town USA”
Me: “Can you tell me the exact street you lived on” (really hoping you’d say ‘<direction><street name>’
David: “<direction><street name>”
Me: Jaw hits floor

Right now we are trying to determine if David Kovar ever received the breach notification at all. I’ve emailed support.privacy@dji.com to ask how to check, and Jason Cao has graciously offered to do his best to put us (really David!) in touch with the right people.

For David specifically, this may also require contacting Illinois Attorney General’s Office to see if they have record of DJI informing them of a beach to their citizens data. https://lnkd.in/gvTTBsVQ

Likewise If you have any suspicion of being compromised in the 2017 leak, but never got a letter, I suggest you immediately reach out to DJI support staff, or your local Attorney General’s office.

Be safe out there!


Discover more from sUAS News - The Business of Drones

Subscribe to get the latest posts sent to your email.

Gary Mortimer

Founder and Editor of sUAS News | Gary Mortimer has been a commercial balloon pilot for 25 years and also flies full-size helicopters. Prior to that, he made tea and coffee in air traffic control towers across the UK as a member of the Royal Air Force.