/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

Key Ring data leak exposes millions of user details, say researchers

Key Ring, an app that lets people upload and store card details, has left the information of millions of users exposed, according to researchers at vpnMentor.

  5 1 comment

Key Ring data leak exposes millions of user details, say researchers

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Key Ring claims 14 million North Americas have used its app to upload scans and photos of cards to digital folders that they can access as needed.

The firm stresses that its app is designed for membership and loyalty cards but, according to vpnMentor, users have been storing copies of government IDs, driver licenses and even credit cards - including CVV numbers.

All of these uploads - some 44 million images - have been exposed because of misconfigured Amazon Web Services S3 buckets, making the information publicly accessible to anyone with a web browser, say the researchers.

Key Ring secured the buckets after being informed of the issue, says vpnMentor, but it is not known how long the information was exposed and hackers could have taken it and stored it locally, offline.

Key Ring recently stopped operating in Europe, blaming the requirements of the EU's new General Data Protection Regulation (GDPR).

The firm has not replied to requests for comment.
Sponsored [Upcoming Webinar] Next Gen Payment Processing: How banks can embrace the future

Related Company

Keywords

Comments: (1)

A Finextra member 

OK. So we don't actually know if there's been a breach, but presumably Key Ring will have to put their hands in the air and go public if there has been, right?

[Webinar] Operational Resilience in the age of DORAFinextra Promoted[Webinar] Operational Resilience in the age of DORA