While you probably want to forget the flood of purchases made over the holidays, a recent security breach at an online gift card store might make that impossible. Unfortunately, if you used MyGiftCardSupply in 2024, your data may have been exposed.
Your Data Could Have Been Leaked by an Online Gift Card Store
A U.S. website called MyGiftCardSupply has just fixed a security issue in its online storage system, which hosted customer documents collected for identity verification. The company sells digital gift cards for many popular brands, including Steam, PlayStation, and Hulu.
The vulnerability was reported in late 2024 by an independent security researcher who goes by the username JayeLTee on Infosec Exchange and Substack. According to the researcher, the server held over 600,000 images of identity documents and selfies belonging to roughly 200,000 users.
If you’re wondering why the website needed such images to sell gift cards, the answer has to do with U.S. anti-money laundering regulations.
Know Your Customer—but Lose Their Trust
MyGiftCardSupply probably had the best intentions when it implemented a Know Your Customer (KYC) verification check, a system intended to prevent money laundering and other types of financial fraud. Sadly, gift cards are used in scams far too often, so it’s not surprising that the company would want to ensure buyers are who they say they are.
However, MyGiftCardSupply did not make sure that the place where it stored that data, which included KYC selfies and images of driver’s licenses, was secure.
While MyGiftCardSupply has now acknowledged the breach of its files stored on Microsoft’s Azure cloud, we still don’t know how long user data was exposed or which customers were affected. Via TechCrunch, the company’s founder has promised a “full audit of the KYC verification procedure,” suggesting that identity images will be immediately deleted going forward.
Hopefully, affected users will be notified soon, or MyGiftCardSupply will publish a range of dates during which personal data was at risk. In the meantime, if you’ve ever used MyGiftCardSupply, it’s probably best to review your bank accounts for any unusual activity or check for other signs of identity theft.