Fourteen million Key Ring customers, mostly across North America, may have had their personally identifiable information exposed in a Key Ring data leak that affected the company’s Amazon S3 web storage buckets. The buckets can hold vast databases of information. However, they are not configured as fully secured by default when they are created. Rather, it is the client’s (in this case Key Ring) responsibility to secure their storage buckets.
The Key Ring data leak was discovered in January 2020 by security researchers, Noam Rotem and Ran Locar, from vpnMentor who reached out to both Amazon Web Services and Key Ring with their findings. They confirmed that the databases were secured sometime after February 18 when they first contacted the company.
The purpose of Key Ring, a digital storage app that holds uploaded images of its customers’ loyalty and gift cards, is to make shopping and mobile payments more streamlined by storing images of users’ customer loyalty account cards and gift cards. While Key Ring is not intended to be used to store more sensitive information like driver’s licenses, ID cards and other types of payment cards, some users have used it to save images of these sensitive documents. Affected users’ uploaded card images were unprotected in the Key Ring storage buckets, leading to the accidental Key Ring data leak.
There is no way of knowing whether this information was accessed by malicious actors; the data was discovered by researchers who uncover these unsecured databases to inform the owners. However, if hackers were able to get a hold of the information that was leaked, they could target the customers with spam or phishing attempts, takeover the customers’ accounts, potentially use their payment methods for online shopping and more. Any customer who feels their data may have been compromised from the Key Ring data leak can contact Key Ring for more information about what protection is being offered. Those potentially affected should immediately change the passwords on their loyalty accounts, as well as monitor their bank accounts to look for any suspicious transactions, consider credit monitoring services and a credit freeze, and be on the lookout for phishing emails.
If anyone who believes they have been affected by the Key Ring data leak, they can live-chat with an Identity Theft Resource Center expert advisor or call them toll-free at 888.400.5530. They can also download the ID Theft Help App, which allows victims to track their steps in a customized case log.
You might also like…