"The Amazon-hosted storage server listed over 360,000 files containing government-issued documents and other information used by customers to verify their identity through 'know your customer' checks."
"The data was also stored unencrypted, meaning anyone with a link to the data was able to view it in full."
"Duales touts its app as a way for users to send money to other users, including overseas in Cuba and elsewhere."
A security lapse allowed public access to an Amazon-hosted storage server containing sensitive personal data of over 360,000 individuals. The exposed data included driver's licenses, passports, and user-uploaded selfies for identity verification. The Canadian fintech company Duales, which operates the Duc App, resolved the issue after being alerted. The unencrypted files dated back to September 2020 and included customer names, addresses, and transaction details. The app has over 100,000 downloads, facilitating money transfers, including internationally.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]