As reported by TechCrunch, a significant data exposure incident has come to light involving the Duc App, a money-transfer service owned by Duales. The company's publicly accessible Amazon-hosted storage server, left without password protection, exposed sensitive personal data of potentially hundreds of thousands of users.The exposed data included unencrypted driver's licenses, passports, and other identity verification documents, along with selfies and personal information such as names and home addresses. Security researcher Anurag Sen discovered the lapse and alerted TechCrunch, noting that the server's contents were easily accessible via a web browser.The data, dating back to September 2020, was uploaded daily. Duales, which facilitates international money transfers, stated the data was on a "staging site" but did not explain the public accessibility. The company claimed to have resolved the exposure after being notified, though a list of server contents remained visible.Source: TechCrunch
Security Operations, Data Security, Application security

Duc App exposes hundreds of thousands of personal records due to server misconfiguration

(Adobe Stock)

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



