1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • A top online gift card store may have exposed private data on hun

    From TechnologyDaily@1337:1/100 to All on Tue Jan 7 14:45:05 2025
    A top online gift card store may have exposed private data on hundreds of thousands of users

    Date:
    Tue, 07 Jan 2025 13:59:00 +0000

    Description:
    MyGiftCardSupply was keeping sensitive data in an unprotected database, putting customers at risk.

    FULL STORY ======================================================================Security
    researcher finds large unsecured database belonging to MyGiftCardSupply It contained images of vital documents, as well as selfie photos The company has since locked it down, but users should still be wary

    A database containing sensitive information on hundreds of thousands of users was sitting unprotected online, available to anyone who knew where to look, experts have warned.

    Cybersecurity researcher JayeLTee found a database containing driving licenses, passports, and other identity documents, which a subsequent investigation determined belonged to a company called MyGiftCardSupply, which sells digital gift cards that customers can redeem either online, or at popular stores.

    The data was hosted on Azure and contained 600,000 front and back images of various identity documents. Furthermore, it contained roughly 200,000
    selfies. Some companies require users to take a selfie holding a document, as proof of ownership and identity. Full audit

    Gift cards are often abused in online scams. People that steal money, especially cryptocurrency, will often purchase gift cards to avoid being tracked by law enforcement. To eliminate fraud and comply with local regulations, MyGiftCardSupply required all customers to go through a
    mandatory Know Your Customer (KYC) process, which requires them to verify their identities.

    Unfortunately, the company kept that data unprotected, for an undisclosed amount of time. We dont know if any threat actors discovered it beforehand, but it is a possibility. This type of data can be sold on the dark web, used in phishing and identity theft , and even abused in wire fraud.

    JayeLTee said they reached out to MyGiftCardSupply to no avail, after which they contacted TechCrunch . In a response to the publication, the companys founder, Sam Gastro, acknowledged the researchers findings, saying The files are now secure, and we are doing a full audit of the KYC verification procedure.

    Going forward, we are going to delete the files promptly after doing the identity verification.

    The company says it locked down the database on January 1, 2025. You might also like Mystery database containing sensitive info on 762,000 car-owners discovered by researchers Here's a list of the best antivirus tools on offer These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/a-top-online-gift-card-store-may-have-e xposed-private-data-on-hundreds-of-thousands-of-users


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)