Hackers Raid Apple Pay Competitor before It Even Launches
Web Services
CurrentC, a forthcoming mobile payments app, was created solely to rid stores of credit card fees they have to pay every time a customer charges a purchase. Now the initiative might have robbed customers of their identities.
On Oct. 29, participants in a CurrentC trial program received a warning from a consortium of anti-card retailers called MCX, or Merchant Consumer Exchange, that operates the digital wallet service.
The alert said the CurrentC pilot was hacked during the past 36 hours, and criminals managed to grab the email addresses of anyone who had signed up for the program.
The hackers compromised MCX’s e-mail provider, not the CurrentC app itself, Time reports.
The number of users affected is unknown. “As dummy accounts were taken, too, that would seem to rule out a phishing scheme. Phishing requires getting users to click malicious links or taking some other action, and is usually kicked off by sending users a legitimate-sounding email in order to trick them. It’s not likely that the creators of the dummy accounts would have responded to phishing attempts,” according to TechCrunch.
MCX confirmed the hack.
“CurrentC has also come under recent scrutiny because of the data it collects on customers. A close look at the app's privacy policy reveals that signing up will require your ‘driver's license number, Social Security number, date of birth" and more "to authenticate your identity.’ The CurrentC app promises it doesn't use such information ‘for marketing purposes,’” CNN reports. “But MCX is free to share with marketers and other companies the rest of the data it collects: your name, home address, email, phone number and actual location at all times.”
Original Report:
money.cnn.com/2014/10/29/technology/security/currentc-app-hacked/
NEXT STORY: NIST spells out information-sharing best practices