Zack Whittaker6h ago

New, by me: A popular Canadian money transfer app exposed thousands of driver's licenses and passports to the open web. Anyone with a link was able to view the data in their browser.

The data goes back to September 2020, and was updating daily until the server was secured this week.

https://techcrunch.com/2026/04/02/canadian-money-transfer-app-duc-expose-drivers-licenses-passports-amazon-server/

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

An exposed Amazon-hosted server allowed anyone to access reams of customer data without needing a password.

TechCrunch
Show threadViolet/Multi

@zackwhittaker

“All protections are in place,” Martinez said. “We are notifying the appropriate parties. We have not contracted any services from you.”

That is the most thinly veiled attempt at downplaying the impact of a breach towards a newspaper I've ever seen

4:44pmWeb