The Key Ring app data leak has exposed 44 million images uploaded by users – compromising data including government IDs, NRA membership cards, medical marijuana ID cards, credit cards with all the details.
A misconfigured Amazon Web Services server owned by Key Ring left more than 44 million user records exposed with no form of protection. https://t.co/D1DB2qIDhr
— Adam Levin (@Adam_K_Levin) April 4, 2020
This highlights the importance for all organisations to follow best practices security approaches when securing data silos (cloud, hosted or on-premise) and working diligently to ensure that basic access control policies aren\’t neglected when securing customer data.
The wider issue here is that this keeps happening. Cloud storage is easy for anyone with a credit card to spin up, but that doesn’t mean they have the security skills to ensure it is locked down. If businesses can\’t have full control over their data, they need to have measures in place to monitor it.
What’s more, this leak demonstrates the fact organisations need to realise that third parties – users, suppliers, partners – are a significant risk in terms of securing resources. It highlights the need for corporations to move beyond the \”internal security controls\” mantra of old and instead focus on ensuring data access from external channels is closely monitored and validated.
For Digital Pipeline, this is now about solid communication; assuring customers that you\’re doing all you can to protect misuse of their data and then demonstrating those controls is key to brand confidence.