Double Whammy: Dubai Taxi Company App Exposes Sensitive Data While KuCoin Sets $22 Million Settlement in Cryptocurrency Regulatory Wave

The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other transport services, left a database open to the public, exposing sensitive customer and driver data.

It is found that DTC, a subsidiary of Dubai’s Roads and Transport Authority, leaked a trove of sensitive information from the DTC app. Over 197K app users and nearly 23K drivers were exposed.

"Beware of little expenses. A small leak will sink a great ship." – Benjamin Franklin

Every DTC founder should have this quote on their wall.

A few dollars for an app here, and a few percent for a service there…

And poof!

Suddenly your profits are gone

— Lioran Pinchevski (@Lioranpi) August 1, 2023

According to the team, the exposed data was stored in an open MongoDB database, which has since been closed. Businesses employ MongoDB to organize and store large swaths of document-oriented information. 

DTC app has over 100,000 downloads on the Google Play store.

What Kind of Data Did the DTC App Leak?

The leaked database was likely a production database used for development purposes, as it included customer data, logs, drivers’ personal identifiable information (PII), registration and bank details, as well as passenger order details. 

The data covered a period from 2018 to 2021. The exposed DTC app user data include email address, phone number, phone model, and the apps’ tokens for email, login, session, and sign up. 

Tokens usually serve as digital keys to user accounts. Exposing tokens could lead to unauthorized account access.

Sample of the leaked data.

The volume of exposed data about the DTC drivers is impressive, as the database includes:

• Driving license number
• Work permit number
• Nationality
• Username
• Encrypted password
• Phone number

The online driver app logs contained a staggering one terabyte of data, including location details, IPs, whether a driver used a VPN service and even the device battery status.

KuCoin Cryptocurrency Legal Landscape with $22 Million Settlement

KuCoin, a major player in the global cryptocurrency exchange arena, has excluded users from New York on its platform. This decision follows a legal tussle with the state, resulting in a $22 million settlement.

Legal Dispute and Regulatory Scrutiny

Attorney General Letitia James initiated legal action against KuCoin in March, asserting that the Seychelles-based exchange neglected registering with the state before facilitating cryptocurrency transactions for investors. 

⚡️Kucoin agrees to ban New York residents and pay $22 million in settlement

Kucoin users from the State of New York will lose the ability to trade within 30 days and will have their accounts closed within 120 days. 🗓 pic.twitter.com/gfTc8clKCO

— Toori.eth ✪ (@TooriAlpha) December 13, 2023

The move aligns with New York’s efforts to regulate and enforce compliance within the digital assets industry.

Equal Rules for Crypto Companies

In response to the settlement, James emphasized that cryptocurrency companies must adhere to the same regulatory standards as traditional financial institutions. 

The legal scrutiny signifies a broader trend as U.S. regulators intensify their focus on fraud, money laundering, and the need for enhanced investor protections within the cryptocurrency space.

KuCoin, while not the largest, holds a significant position among cryptocurrency spot exchanges, trailing behind industry giants such as Binance, Coinbase, and Kraken. 

Factors such as traffic, liquidity, and trading volumes, as reported by CoinMarketCap, contribute to its standing in the competitive landscape.

Unexpected Security and Regulatory Rollover!

It sounds surprising to us that even taxi data can be leaked. This highlights the importance of keeping our data safe from any breach. 

Similarly, regulatory compliance in all countries is difficult to meet, so it is crucial to invest wisely!