Rough start for Apple Pay alternative – CurrentC mobile payment data systems hacked today

// October 29th, 2014 // Hacking and Security


CurrentC - mobile payment system alternative to Apple Pay

MCX’s CurrentC payment system, the alternative to Apple Pay backed by Walmart, Best Buy, CVS, Rite Aid, Gap, and others, was hacked today. Reports indicate the data breach involves the theft of email addresses of early beta participants and others who expressed interest in testing the new mobile payment system. No word yet on how the email addresses were stolen but you have to assume it was a backend-database penetration (possibly sql-injection?). Even if the culprits don’t already have the unencrypted login information, they soon will as soon as their phishing campaign begins targeting these users.

Here’s the email that was sent to those affected by the data breach.

Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.

In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.

MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.

TechCrunch explains CurrentC’s business objective:

“CurrentC’s maker MCX, for those unfamiliar, is a group of over 50 retailers who have been working to develop their own mobile wallet technology. Essentially, they want to own the mobile wallet experience for themselves, instead of turning it over to a company like Apple, whose Apple Pay mobile payments solution prevents them from gaining access to customer data. Instead, retailers involved with MCX want to use mobile payments as a way to learn more about their customers’ shopping behavior, which could mean they could better target offers to them in the future.”

Geek wear at Ivy and Pearl Boutique

« « Previous Article: List of comic book characters (superheroes and villains) and their real names and true identities     » » Next Article: Music artists’ (e.g. Taylor Swift) power moves over streaming services leaves consumers in uncomfortable three-way

Leave a Reply

You must be logged in to post a comment.

%d bloggers like this: