đź’¨ Abstract
An Amazon-hosted storage server for the Duc App, a money-transfer service by Duales, was publicly accessible without a password, exposing potentially hundreds of thousands of users' personal data, including driver's licenses, passports, and transaction details. The data was also unencrypted. Security researcher Anurag Sen discovered the issue and alerted TechCrunch, which then notified Duales. The company resolved the exposure but did not clarify why the data was publicly accessible.
Courtesy: Zack Whittaker
Suggested
Anthropic debuts preview of powerful new AI model Mythos in new cybersecurity initiative
Europe’s cyber agency blames hacking gangs for massive data breach and leak
Telehealth giant Hims & Hers says its customer support system was hacked
De-fi platform Drift suspends deposits and withdrawals after millions in crypto stolen in hack