Episode Details

Duc, a Toronto-based fintech app, exposed hundreds of thousands of users personal files on a public Amazon storage server, including drivers licenses, passports, and transaction spreadsheets. The breach was discovered by security researcher Anurag Sen and reported to TechCrunch. The app, used for sending money internationally, had over 100,000 downloads on Google Play. The company, Duales, claimed it was a staging site for testing, but users were unaware of the exposure. Canadas privacy commissioner is now involved, and the servers file list is still visible, although contents are blocked. This incident comes amid a series of apps mishandling ID uploads, highlighting the need for tighter security measures for fintech apps handling sensitive user data.

Support the show:
Get a discount at https://solipillow.com/discount/dnn.

Advertise on DNN:
advertise@thednn.ai

This is an automated, high-level news summary based on public reporting.
Report issues to feedback@thednn.ai.

View sources & latest updates:
https://sources.thednn.ai/087377c971ef8f42