News

44 mln digital wallet items exposed by Key Ring, researchers say

Friday 3 April 2020 09:44 CET | News

Key Ring has exposed 44 million IDs, charge cards, loyalty cards, gift cards and membership cards to the open internet, researchers say.

The Key Ring app allows users to upload scans and photos of various physical cards into a digital folder on a user’s phone. As per the research team at vpnMentor, 44 million scans were exposed in a misconfigured cloud database that included: government IDs, retail club membership and loyalty cards, NRA membership cards, gift cards, credit cards with all details exposed (like CVV numbers), medical insurance cards and medical marijuana ID cards, among others. vpnMentor said that it found a total of five misconfigured Amazon Web Services (AWS) S3 cloud databases owned by the company, which could have revealed millions of these uploads to anyone with a web browser, thanks to a lack of password-protection on the buckets.

The researchers also said that they found older, brand-specific loyalty-card lists, such as CSV databases detailing various reports on customers of Walmart, Footlocker, and other big brands. The lists contained personally identifiable information (PII) data for millions, including full names, emails, membership ID numbers, dates of birth, physical addresses, and ZIP codes. Examples of the number of people exposed in these lists include 16 million for Walmart, 64,000 for the Kids Eat Free Campaign, 6,600 for La Madeleine, and 2,000 for Mattel, among others. Threatpost reached out to Key Ring’s media team for a comment or reaction to the findings, with no response.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Key Ring, digital wallets, misconfiguration, leak, IDs, charge cards, loyalty cards, gift cards, medical marijuana ID cards, personal information, fraud, PII, scams, database
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Countries: World
This article is part of category

Securing Transactions