It seems that CurrentC, the “secure” mobile payments competitor to Apple Pay that’s being pushed by Walmart, Rite Aid, CVS, and others, has already been hacked. A message went out to early trial users of the CurrentC system informing them that a third party had hacked into the system and grabbed some of their email addresses.
From the email:
Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.
In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.
MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.
A PR rep for CurrentC confirmed the email saying:
“Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app. Many of these email addresses are dummy accounts used for testing purposes only. The CurrentC app itself was not affected.
“We have notified our merchant partners about this incident and directly communicated with each of the individuals whose email addresses were involved. We take the security of our users’ information extremely seriously. MCX is continuing to investigate this situation and will provide updates as necessary.”
While stolen email addresses isn’t the end of the world, and could be considered an aggravation at worst, it does make you wonder what other holes there are in the system.
All the parties involved have to be just a little red faced, considering Wal-Mart told Business Insider that it wasn’t supporting Apple Pay because, “Ultimately, what matters is that consumers have a payment option that is widely accepted, secure, and developed with their best interests in mind.”
(Via Business Insider)
