Security Expert Re: Key Ring Exposes 44 M Digital Wallet Items Due To AWS S3 Bucket Misconfiguration

Threatpost is reporting "44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig," an exposure caused by unsecured AWS S3 buckets. Key Ring allows users to upload scans and photos of membership and loyalty cards into a digital folder on their phone; however, many users also use it to store copies of IDs, driver's licenses, credit cards, and more.

Tim Mackey, Principal Security Strategist, Synopsys CyRC
April 03, 2020
Users do bear some of the blame in this breach though.
Unsecured S3 buckets are almost a daily occurrence, but in this case the security risk was compounded by users who were using the Key Ring service for more than storing loyalty card information. Some users had determined that Key Ring would further reduce the number of ID cards they carried and scanned driver's licenses, medical cards, credit cards with CCVs and government IDs. Key Ring also serves ....
Patrick Hamilton, Security Evangelist, Lucy Security
April 03, 2020
Developers can take "minimum viable product" to mean "does this work".
Developers can take "minimum viable product" to mean "does this work" -- they often forget to add security into their viability equation. For Key Ring, it seems overly simple to say basic security hygiene means following the instructions that came with your S3 bucket. As for Key Ring users, there's a minimum cost of convenience: they will now have to be hyper vigilant with every email they recei ....