tech

April 2, 2026

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

An exposed Amazon-hosted server allowed anyone to access reams of customer data without needing a password.

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

TL;DR

  • A publicly accessible Amazon-hosted storage server exposed hundreds of thousands of personal data records from the Duc App, a money-transfer service.
  • The exposed data included driver's licenses, passports, selfies, customer names, home addresses, and transaction details.
  • The data was stored unencrypted and accessible without a password.
  • Security researcher Anurag Sen discovered the lapse and alerted TechCrunch, who then notified the company's CEO.
  • Duales stated the data was on a 'staging site' and claimed all protections are now in place, and they are notifying appropriate parties.
  • The Canadian privacy regulator is also seeking more information from the company.
  • This incident is part of a trend of apps and websites exposing sensitive identity data due to inadequate security measures.

Continue reading the original article

Made withNostr