Threatpost is reporting "44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig," an exposure caused by unsecured AWS S3 buckets. Key Ring lets users upload scans and photos of membership and loyalty cards into a digital folder on their phone; however, many users also use it to store copies of IDs, driver's licenses, credit cards, and more.
Experts Comments
April 03, 2020
Developers can take "minimum viable product" to mean "does this work" -- they often forget to add security into their viability equation. For Key Ring, it seems overly simple to say basic security hygiene means following the instructions that came with your S3 bucket.
As for Key Ring users, there's a minimum cost of convenience: they will now have to be hypervigilant with every email they receive. Phishing attacks with this level of information will easily get past firewalls.
Patrick Hamilton, Security Evangelist, provides expert commentary at Information Security Buzz.
Tim Mackey, Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center), provides expert commentary at Information Security Buzz.
"Users do bear some of the blame in this breach though. ..."