Western Union, Equifax, Priceline, Spark Networks and Credit Sesame Inc. all agreed to significantly improve the security of their mobile apps, following a challenge by authorities in New York.
The New York Attorney General alleged that the mobile apps of these five companies were vulnerable to man-in-the-middle (MITM) attacks because they failed to properly implement the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates used to protect data sent and received on a mobile device when it is on a public Wi-Fi connection.
Specifically, the AG said their apps “could have allowed sensitive information entered by users — such as passwords, social security numbers, credit card numbers, and bank account numbers — to be intercepted by eavesdroppers employing simple and well-publicized techniques.” All this was part of an effort by the AG’s office to examine the security of various sites and apps before consumers fall victim to cybersecurity attacks and other breaches, the regulator said.
“Today’s settlements require each company to implement comprehensive security programs to protect user information,” the Office of Attorney General Barbara Underwood said in a statement.
Now, as part of the settlement deal, all five companies have agreed to implement “comprehensive security programs” to protect user information from potential future attacks. In other words, the settlement forces the companies to ensure data sent between the app and their servers are encrypted.