NFC Pay System CurrentC Hacked Already
Here’s another cautionary tale from the tech industry, especially for the slew of up and coming startups and companies involved in the NFC payment business that’s set to explode in early 2015 (along with just about every other new tech phenomenon, it’s been a busy 5 years).
Early beta testers for CurrentC, another NFC payment system designed to rival Apple Pay, have been shocked by the site to find out that their e-mail address have been unexpectedly hacked from the company’s database.
It’s not a great start for CurrentC, whose security abilities are apparently not as good as their puns. Mercifully the hackers made off with nothing more than e-mail addresses, a wasted opportunity if there ever was one.
CurrentC parent company Merchant Customer Exchange notified users that their addresses had been pinched, echoing the disappointed tones of the parent of a problem child to testers.
“Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.”
Whilst an MCX spokeswoman told Ars Technica that “many of these e-mail addresses are dummy accounts used for testing purposes only” it doesn’t help the fact that a payment system designed to let people pay with real money for real goods has been hacked, although not majorly, before it has even started properly trading.
Hacking is going to be the number one concern of these companies, who are sitting on vulnerable caches of user data, the most in-demand commodity on the seedier side of the internet. Credit card information and other details are traded in bulk on the Darknet, so these new payment folks had better keep their security game on point.
At least the security hole has been identified and patched, before the customer base was affected in a more major way and more sensitive data was stolen. However, it’s yet another reminder to all companies that the hacker threat isn’t going to just disappear any time soon.
Source: Ars Technica