Key Ring

Summary

Researchers at vpnMentor discovered misconfigured Amazon Web Services (AWS) S3 buckets owned by Key Ring that publicly exposed over 44 million various images to include forms of identification, credit and debit cards, and membership cards. Key Ring , a popular digital wallet, was designed to store scanned images of typical wallet contents to provide its 14 million users a “One-Stop Shopping Solution.” Exposed information also included CSV files containing various businesses’ customer listings that stored personally identifiable information (PII). The breach was discovered in January and fixed February 20, 2020, though researchers cannot confirm how long the buckets were exposed. Breached information may be used in various crimes ranging from account takeovers to identity theft and fraud. Potentially affected Key Ring patrons are advised to monitor all financial accounts for fraudulent charges and report any suspicious activity immediately to both your financial institution and local police station. Additionally, report signs of identity theft to the Federal Trade Commission and consider placing freezes on credit profiles. Cyber incidents can be reported via the NJCCIC Cyber Incident Report Form and the FBI’s Internet Crime Complaint Center (IC3) website.