The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other transport services, left a database open to the public, exposing sensitive customer and driver data.
It is found that DTC, a subsidiary of Dubai’s Roads and Transport Authority, leaked a trove of sensitive information from the DTC app. Over 197K app users and nearly 23K drivers were exposed.
According to the team, the exposed data was stored in an open MongoDB database, which has since been closed. Businesses employ MongoDB to organize and store large swaths of document-oriented information.
DTC app has over 100,000 downloads on the Google Play store.
What Kind of Data Did the DTC App Leak?
The leaked database was likely a production database used for development purposes, as it included customer data, logs, drivers’ personal identifiable information (PII), registration and bank details, as well as passenger order details.
The data covered a period from 2018 to 2021. The exposed DTC app user data include email address, phone number, phone model, and the apps’ tokens for email, login, session, and sign up.
Tokens usually serve as digital keys to user accounts. Exposing tokens could lead to unauthorized account access.
Sample of the leaked data.
The volume of exposed data about the DTC drivers is impressive, as the database includes:
- Driving license number
- Work permit number
- Nationality
- Username
- Encrypted password
- Phone number
The online driver app logs contained a staggering one terabyte of data, including location details, IPs, whether a driver used a VPN service and even the device battery status.
KuCoin Cryptocurrency Legal Landscape with $22 Million Settlement
KuCoin, a major player in the global cryptocurrency exchange arena, has excluded users from New York on its platform. This decision follows a legal tussle with the state, resulting in a $22 million settlement.
Legal Dispute and Regulatory Scrutiny
Attorney General Letitia James initiated legal action against KuCoin in March, asserting that the Seychelles-based exchange neglected registering with the state before facilitating cryptocurrency transactions for investors.
The move aligns with New York’s efforts to regulate and enforce compliance within the digital assets industry.
Equal Rules for Crypto Companies
In response to the settlement, James emphasized that cryptocurrency companies must adhere to the same regulatory standards as traditional financial institutions.
The legal scrutiny signifies a broader trend as U.S. regulators intensify their focus on fraud, money laundering, and the need for enhanced investor protections within the cryptocurrency space.
KuCoin, while not the largest, holds a significant position among cryptocurrency spot exchanges, trailing behind industry giants such as Binance, Coinbase, and Kraken.
Factors such as traffic, liquidity, and trading volumes, as reported by CoinMarketCap, contribute to its standing in the competitive landscape.
Unexpected Security and Regulatory Rollover!
It sounds surprising to us that even taxi data can be leaked. This highlights the importance of keeping our data safe from any breach.
Similarly, regulatory compliance in all countries is difficult to meet, so it is crucial to invest wisely!