Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig
#1
Information 
Quote:Millions of IDs, charge cards, loyalty cards, gift cards, medical marijuana ID cards and personal information was left exposed to the open internet.
 
Key Ring, creator of a digital wallet app used by 14 million people across North America, has exposed 44 million IDs, charge cards, loyalty cards, gift cards and membership cards to the open internet, researchers say.
 
The Key Ring app allows users to upload scans and photos of various physical cards into a digital folder on a user’s phone. While Key Ring is primarily designed for storing membership cards for loyalty programs, users also store more sensitive cards on the app. According to the research team at vpnMentor, it found 44 million scans exposed in a misconfigured cloud database that included: Government IDs, retail club membership and loyalty cards, NRA membership cards, gift cards, credit cards with all details exposed (including CVV numbers), medical insurance cards and medical marijuana ID cards, among others.
 
vpnMentor said that it found a total of five misconfigured Amazon Web Services (AWS) S3 cloud databases owned by the company. These could have revealed millions of these uploads to anyone with a web browser, thanks to a lack of password-protection on the buckets, the company said. Also, every file could also be downloaded and stored offline.
 
Threatpost reached out to Key Ring’s media team multiple times over the last few days for a comment or reaction to the findings, with no response — and will update this post with any additional information should the company eventually respond.

Read more: https://threatpost.com/44m-digital-walle...ig/154260/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Microsoft Edge fixes 0-day vulnerability...
Microsoft released...harlan4096 — 10:12
AnyDesk 8.0.9
AnyDesk 8.0.9:   ...harlan4096 — 10:10
AMD Confirms RDNA 3+ GPU Architecture F...
AMD Zen5-based Strix...harlan4096 — 10:08
Adobe Acrobat Reader DC 24.001.20629 (Op...
Adobe Acrobat Read...harlan4096 — 10:06
FastCopy 5.7.5
FastCopy 5.7.5: ...harlan4096 — 10:04

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>