Key Ring data leak exposes millions of user details, say researchers

Key Ring, an app that lets people upload and store card details, has left the information of millions of users exposed, according to researchers at vpnMentor.

Key Ring claims 14 million North Americans have used its app to upload scans and photos of cards to digital folders that they can access as needed.

The firm stresses that its app is designed for membership and loyalty cards but, according to vpnMentor, users have been storing copies of government IDs, driver licenses and even credit cards - including CVV numbers.

All of these uploads - some 44 million images - have been exposed because of misconfigured Amazon Web Services S3 buckets, making the information publicly accessible to anyone with a web browser, say the researchers.

Key Ring secured the buckets after being informed of the issue, says vpnMentor, but it is not known how long the information was exposed, and hackers could have taken it and stored it locally, offline.

Key Ring recently stopped operating in Europe, blaming the requirements of the EU's new General Data Protection Regulation (GDPR).

The firm has not replied to requests for comment.

Comments: (1)

A Finextra member, 03 April, 2020, 13:57

OK. So we don't actually know if there's been a breach, but presumably Key Ring will have to put their hands in the air and go public if there has been, right?