Digital wallet app leaks millions of users’ credit cards & Govt IDs

Digital wallet app leaks millions of users’ credit cards & Govt IDs

Another day, another treasure trove of data exposed online. This time, the IT security researchers at vpnMentor have identified personal details of millions of unsuspected users across North America.


The breach occurred as a result of a misconfigured Amazon Web Services (AWS) S3 bucket open in the wild for public access without any security authentication. Simply put: The data could have been accessed by anyone with simple knowledge of identifying exposed databases.


According to vpnMentor’s research team, the database belonged to Austin, TX-based company “Key Ring,” a digital wallet allowing users to upload and store digital copies of their documents including credit cards, identity cards, passports, driving licenses, gift cards, etc.


See: Terabytes of OnlyFans data being sold on a hacking forum


The company has over 14 million customers and in this case, the privacy and security of each and every customer have been put at risk. 

In a blog post, vpnMentor revealed that Key Ring exposed 5 S3 buckets with highly sensitive information including copies of credit card data including their numbers, expiry dates, and CVV numbers.


Furthermore, Personally Identifiable Information (PII) was also part of the leaked data and included social security numbers, government ID cards, NRA membership cards, medical marijuana ID cards, gift cards, loyalty cards, retail club membership cards, and medical insurance cards.