TechCrunch reports that hundreds of thousands of individuals served by U.S. digital gift card store MyGiftCardSupply and roommate-finding site Roomster were discovered by security researcher JayeLTee to have had their sensitive information exposed as a result of unsecured servers containing data from know-your-customer checks.
Misconfigurations in MyGiftCardSupply's Microsoft Azure Cloud instance leaked nearly 200,000 customers' selfie pictures and more than 600,000 identity document images, the most recent of which was from New Year's Eve, according to JayeLTee, who noted that the company had not been responsive to his report even it had addressed the issue on New Year's Day. "The files are now secure, and we are doing a full audit of the KYC verification procedure. Going forward, we are going to delete the files promptly after doing the identity verification," said MyGiftCardSupply founder Sam Gastro. On the other hand, Roomster had almost 320,000 driver's licenses and passports exposed by a misconfigured server but the company noted that there has been no evidence suggesting any data misuse.
