44 mln digital wallet items exposed by Key Ring, researchers say

SN

Simona Negru

03 Apr 2020 / 5 Min Read


The Key Ring app allows users to upload scans and photos of various physical cards into a digital folder on a user’s phone. As per the research team at vpnMentor, 44 million scans were exposed in a misconfigured cloud database that included: government IDs, retail club membership and loyalty cards, NRA membership cards, gift cards, credit cards with all details exposed (like CVV numbers), medical insurance cards and medical marijuana ID cards, among others. vpnMentor said that it found a total of five misconfigured Amazon Web Services (AWS) S3 cloud databases owned by the company, which could have revealed millions of these uploads to anyone with a web browser, thanks to a lack of password-protection on the buckets.

The researchers also said that they found older, brand-specific loyalty-card lists, such as CSV databases detailing various reports on customers of Walmart, Footlocker, and other big brands. The lists contained personally identifiable information (PII) data for millions, including full names, emails, membership ID numbers, dates of birth, physical addresses, and ZIP codes. Examples of the number of people exposed in these lists include 16 million for Walmart, 64,000 for the Kids Eat Free Campaign, 6,600 for La Madeleine, and 2,000 for Mattel, among others. Threatpost reached out to Key Ring’s media team for a comment or reaction to the findings, with no response.
Countries:
SN

Simona Negru

03 Apr 2020 / 5 Min Read

sign up banner
the paypers logo

The Paypers is the Netherlands-based leading independent source of news and intelligence for professional in the global payment community.

 

The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.

 



No part of this site can be reproduced without explicit permission of The Paypers (v2.7).

Privacy Policy / Cookie Statement

Copyright