Security News > 2020 > April > Millions of Digital Wallets Exposed by Key Ring

The popular digital wallet application Key Ring recently exposed information belonging to millions of its users, vpnMentor reports.

Key Ring is an application that creates a digital wallet on the user's phone and allows them to upload scans and photos of membership and loyalty cards, but many also use it to store copies of IDs, driver's licenses, credit cards, and the like.

Popular storage solutions on AWS, S3 buckets offer robust security features, but misconfigurations could leave them exposed to anyone with a web browser, and this is what happened in Key Ring's case as well.

One AWS S3 bucket included more than 44 million images uploaded by Key Ring users, including scans of government-issued IDs, retail club membership and loyalty cards, NRA membership cards, gift cards, credit cards with all details exposed, medical insurance cards, medical marijuana ID cards, and more.

"In total, five S3 buckets belonging to Key Ring were exposed, all containing valuable, private information that could have serious security implications for millions of people," vpnMentor notes.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/0j4K5J-F_jI/millions-digital-wallets-exposed-key-ring