Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,194
30,136



Just hours after publishing a blog post answering some questions about its upcoming CurrentC mobile payments system and touting the security of its cloud-based storage of sensitive information, the company behind the effort, Merchant Customer Exchange (MCX) has alerted users of unauthorized access to their email addresses.
Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.
mcx_currentc_email_breach.jpg
Details on the unauthorized access have not been disclosed, but iMore's Nick Arnott earlier this week took a look at some of the personal information being collected by MCX and CurrentC and noted that he could ping CurrentC's systems to look for valid registered email addresses on the system. While he did not find valid addresses, the system appeared capable of returning a substantial amount of personal information about such accounts.

Security has of course been one of the main selling points of Apple's new Apple Pay system, with data stored in a Secure Element on the device and payments authorized through Touch ID and tokenized account numbers being used instead of actual credit card numbers to process transactions.

Article Link: CurrentC Alerts Users of Unauthorized Access to Email Addresses
 

penajmz

macrumors 68040
Sep 11, 2008
3,797
4,029
New York City
Lmfao!!!!!! This is too good.

I feel like I'm watching a soup opera unfold.


Dun, dun, dun....what will happen next!? :eek:
 
Last edited:

binaryspiral

macrumors newbie
Sep 9, 2012
16
0
As if anyone was expecting these companies to take customer data security seriously...

Queue Nelson Muntz...
 

DJLC

macrumors 6502a
Jul 17, 2005
958
401
North Carolina
Lolz. Yeah. A merchant-controlled cloud service is more secure than an encrypted secure enclave in my palm. This is stupid.
 

jfischer

macrumors regular
Aug 18, 2014
176
83
There is no way I'd ever use CurrentC with a direct link to my checking account. At least with a CC you have some protection against fraud, but if your checking account gets drained you are truly hosed.
 

joshuaclinton

macrumors member
Mar 28, 2014
65
102
Let's see how fast merchants drop this. And, they expect you to give them your SSN, checking account number, and drivers license number?!
 

UhFive

macrumors regular
Sep 17, 2013
168
135
Texas
Mess with Apple Pay users and you will have a bunch of "Consumers" upset, mess with Google Wallet and you're starting to piss off the programmers and the majority of "hackers". This just had bad written all over it. Unfortunaetly for retailers it looks like they are actually locked into a contract with CurrenC and were forced to close down their NFC terminals.
It would be nice to see the Android and iOS "Hackers" do something together for once and expose all the flaws in this companies system. You don't need to release all the private information to the world, but just release it to all the news sites and major media.
 
Last edited:

itr81

macrumors regular
Jul 12, 2010
230
52
Am I bad for wanting hackers to hack the hell out of this crap app?!

Maybe this service will go still born and everyone can start accepting Apple Pay and Google Wallet payments again.
 

yaxomoxay

macrumors 604
Mar 3, 2010
7,389
34,164
Texas
Honest question. Do you think that Tim Cook heard about this before it hit the news? His comment on a "major event" regarding privacy was quite sybilline...
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.