44 mln digital wallet items exposed by Key Ring, researchers say

Friday 3 April 2020 09:44 CET | News

Key Ring has exposed 44 million IDs, charge cards, loyalty cards, gift cards and membership cards to the open internet, researchers say.

The Key Ring app allows users to upload scans and photos of various physical cards into a digital folder on a user’s phone. As per the research team at vpnMentor, 44 million scans were exposed in a misconfigured cloud database that included: government IDs, retail club membership and loyalty cards, NRA membership cards, gift cards, credit cards with all details exposed (like CVV numbers), medical insurance cards and medical marijuana ID cards, among others. vpnMentor said that it found a total of five misconfigured Amazon Web Services (AWS) S3 cloud databases owned by the company, which could have revealed millions of these uploads to anyone with a web browser, thanks to a lack of password-protection on the buckets.

The researchers also said that they found older, brand-specific loyalty-card lists, such as CSV databases detailing various reports on customers of Walmart, Footlocker, and other big brands. The lists contained personally identifiable information (PII) data for millions, including full names, emails, membership ID numbers, dates of birth, physical addresses, and ZIP codes. Examples of the number of people exposed in these lists include 16 million for Walmart, 64,000 for the Kids Eat Free Campaign, 6,600 for La Madeleine, and 2,000 for Mattel, among others. Threatpost reached out to Key Ring’s media team for a comment or reaction to the findings, with no response.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords:	Key Ring, digital wallets, misconfiguration, leak, IDs, charge cards, loyalty cards, gift cards, medical marijuana ID cards, personal information, fraud, PII, scams, database
Categories:	Fraud & Financial Crime
Companies:
Countries:	World

This article is part of category

Fraud & Financial Crime

::: more

Free Headlines	::: subscribe now
RSS	::: follow ThePaypers via RSS ::: connect
LinkedIn	::: connect with ThePaypers on LinkedIn ::: connect
Twitter	::: follow ThePaypers on Twitter ::: follow
Facebook	::: like ThePaypers on Facebook ::: like

44 mln digital wallet items exposed by Key Ring, researchers say

Free Headlines in your E-mail

Fraud & Financial Crime

Voice of the Industry

The threats and opportunities of the AI revolution in compliance

Frictionless payments: adopting technological advancements to tackle security concerns

Shaping the future of the payments industry: key insights from MPE 2024

A bumpy road to becoming an open identity infrastructure: MOSIP Connect 2024 in retrospect

Innovation in payments: what role do policy and regulation play?

Interviews

Presenting crypto payments trends – a CoinsPaid perspective

Key ecommerce and payments trends in 2024

AML/sanctions compliance: A vital lifeline for Banking-as-a-Service partnerships' survival

The agility of the Electronic Money Institution: paving the way for instant, low-cost payments around the globe

Countdown to IFGS 2024: Unveiling trends shaping fintech's next decade

Industry Events

The Paypers

This Site

Contact Information

Legal Information