The Key Ring app allows users to upload scans and photos of various physical cards into a digital folder on a user’s phone. As per the research team at vpnMentor, 44 million scans were exposed in a misconfigured cloud database that included: government IDs, retail club membership and loyalty cards, NRA membership cards, gift cards, credit cards with all details exposed (like CVV numbers), medical insurance cards and medical marijuana ID cards, among others. vpnMentor said that it found a total of five misconfigured Amazon Web Services (AWS) S3 cloud databases owned by the company, which could have revealed millions of these uploads to anyone with a web browser, thanks to a lack of password-protection on the buckets.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the Telecompaper website, they in no way represent the opinion of Telecompaper.