44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig

2020-04-02 14:00

Key Ring, creator of a digital wallet app used by 14 million people across North America, has exposed 44 million IDs, charge cards, loyalty cards, gift cards and membership cards to the open internet, researchers say.

The Key Ring app allows users to upload scans and photos of various physical cards into a digital folder on a user's phone.

According to the research team at vpnMentor, it found 44 million scans exposed in a misconfigured cloud database that included: Government IDs, retail club membership and loyalty cards, NRA membership cards, gift cards, credit cards with all details exposed, medical insurance cards and medical marijuana ID cards, among others.

"Aside from losing users and partners, Key Ring would have been vulnerable to legal action, fines and intense scrutiny from government data privacy groups," the research noted.

"Key Ring is already no longer operating in the EU due to the inability to comply with GDPR. With California enacting its data privacy law in January 2020 - the CCPA - Key Ring could still have faced investigation and fines from the state's legislative bodies. Given the scale and seriousness of this leak, the impact on the company's finances, reputation and market share would be unmeasurable."

News URL

https://threatpost.com/44m-digital-wallet-key-ring-cloud-misconfig/154260/

#cloud #digital