Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
While you probably want to forget about the deluge of purchases made during the holidays, a recent security breach at an online gift card store could make that impossible. Unfortunately, if you used MyGiftCardSupply in 2024, your data could be exposed.
Your details could be leaked by an online gift card store
A US website called MyGiftCardSupply has just fixed a security issue in its online storage system, responsible for hosting customer documents collected for identity verification. The company sells digital gift cards for many popular brands, such as Steam, PlayStation, Hulu, and more.
The vulnerability was reported in late 2024 by an independent security researcher, going by the username of JayeLTee on Infosec Exchange and Substack. According to the researcher, the server contains more than 600,000 images of identity documents and selfies belonging to about 200,000 users.
If you’re wondering why the website needed such images to sell gift cards, the answer has to do with US anti-money laundering regulations.
You know your customer, but you lose their trust
MyGiftCardSupply probably had the best of intentions when it implemented a Know Your Customer (KYC) verification check, a system intended to prevent money laundering and other types of financial fraud. sad, gift cards are used in relation to scams too often, so it is not surprising that the company wanted to make sure that the buyers are who they say they are.
However, MyGiftCardSupply did not go so far as to ensure that the location where it was storing the data, which included KYC selfies and driver’s license images, was secure.
While MyGiftCardSupply has now acknowledged the breach in its files stored in Microsoft’s Azure cloud, we still don’t know how long user data was exposed and which customers were affected. Via TechCrunchthe company’s founder promised a “full audit of the KYC verification procedure,” suggesting that identity images would be removed immediately going forward.
I hope that affected users will be notified soon, or MyGiftCardSupply will publish a series of dates during which personal data was at risk. In the meantime, if you’ve ever used MyGiftCardSupply, it’s probably best to review your bank accounts for any unusual activity or check for others. signs of identity theft.
