## Money Transfer App Duc Exposed Thousands of Driver's Licenses and Passports on Open Web
A massive data exposure at money transfer app Duc left thousands of customers' sensitive identity documents, including driver's licenses and passports, accessible to anyone on the open web. The breach stemmed from an improperly secured Amazon-hosted server that required no password for access, exposing reams of personal customer data to potential theft or misuse.

The exposed server contained a vast trove of customer verification documents, a critical failure for a financial service handling sensitive personal and financial information. This security lapse allowed unrestricted access to the data, bypassing basic authentication measures. The incident highlights a severe vulnerability in Duc's data storage and security protocols, raising immediate concerns about customer privacy and the potential for identity fraud.

The exposure places Duc under intense scrutiny for its data protection practices and compliance with financial regulations. It signals significant operational risk for the company, potentially damaging user trust and inviting regulatory pressure. The breach underscores the persistent security challenges within the fintech sector, where the handling of highly sensitive identity documents demands the highest levels of security, which Duc demonstrably failed to provide.
---
- **Source**: TechCrunch
- **Sector**: The Lab
- **Tags**: data breach, fintech, identity theft, AWS security, privacy failure
- **Credibility**: unverified
- **Published**: 2026-04-02 16:57:10
- **ID**: 47735
- **URL**: https://whisperx.ai/en/intel/47735