Call Now 888.400.5530

ITRC-logo-color-final
Search
Close this search box.

Key Ring Data Leak Exposes 14 Million Users Sensitive Information

Date: 05/15/2020

Fourteen million Key Ring customers, mostly across North America, may have had their personally identifiable information exposed in a Key Ring data leak that affected the company’s Amazon S3 web storage buckets. The buckets can hold vast databases of information. However, they are not configured as fully secured by default when they are created. Rather, it is the client’s (in this case Key Ring) responsibility to secure their storage buckets.

The Key Ring data leak was discovered in January 2020 by security researchers, Noam Rotem and Ran Locar, from vpnMentor who reached out to both Amazon Web Services and Key Ring with their findings. They confirmed that the databases were secured sometime after February 18 when they first contacted the company.

The purpose of Key Ring, a digital storage app that holds uploaded images of its customers’ loyalty and gift cards, is to make shopping and mobile payments more streamlined by storing images of users’ customer loyalty account cards and gift cards. While Key Ring is not intended to be used to store more sensitive information like driver’s licenses, ID cards and other types of payment cards, some users have used it to save images of these sensitive documents. Affected users’ uploaded card images were unprotected in the Key Ring storage buckets, leading to the accidental Key Ring data leak.

There is no way of knowing whether this information was accessed by malicious actors; the data was discovered by researchers who uncover these unsecured databases to inform the owners. However, if hackers were able to get a hold of the information that was leaked, they could target the customers with spam or phishing attempts, takeover the customers’ accounts, potentially use their payment methods for online shopping and more. Any customer who feels their data may have been compromised from the Key Ring data leak can contact Key Ring for more information about what protection is being offered. Those potentially affected should immediately change the passwords on their loyalty accounts, as well as monitor their bank accounts to look for any suspicious transactions, consider credit monitoring services and a credit freeze, and be on the lookout for phishing emails.

If anyone who believes they have been affected by the Key Ring data leak, they can live-chat with an Identity Theft Resource Center expert advisor or call them toll-free at 888.400.5530. They can also download the ID Theft Help App, which allows victims to track their steps in a customized case log.

You might also like…

Online Shopping Safety a Priority During Coronavirus Pandemic

The Evolution of Password Advice

COVID-19 Could Lead to Increase in Travel Loyalty Account Takeover

How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the In the Loop.

notified-ad.png

Get ID Theft News

Stay informed with alerts, newsletters, and notifications from the Identity Theft Resource Center

notified-ad.png
© Copyright 2024- Identity Theft Resource Center

This product was produced by the ITRC under 2018-V3-GX-K007, awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice. The opinions, findings, and conclusions or recommendations expressed in product are those of the contributors and do not necessarily represent the official position or policies of the U.S. Department of Justice. View more about our copyright info here.