CurrentC Alerts Users of Unauthorized Access to Email Addresses
Just hours after publishing a blog post answering some questions about its upcoming CurrentC mobile payments system and touting the security of its cloud-based storage of sensitive information, the company behind the effort, Merchant Customer Exchange (MCX) has alerted users of unauthorized access to their email addresses.
Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.
Details on the unauthorized access have not been disclosed, but iMore's Nick Arnott earlier this week took a look at some of the personal information being collected by MCX and CurrentC and noted that he could ping CurrentC's systems to look for valid registered email addresses on the system. While he did not find valid addresses, the system appeared capable of returning a substantial amount of personal information about such accounts.
Security has of course been one of the main selling points of Apple's new Apple Pay system, with data stored in a Secure Element on the device and payments authorized through Touch ID and tokenized account numbers being used instead of actual credit card numbers to process transactions.