Retailer-Backed MCX Platform CurrentC Has Already Been Hacked

Journalist:
Drew Cordell (@DrewjCordell) @DrewjCordell
October 30, 2014

MCX (Merchant Customer Exchange), the retailer-backed company that gives customers mobile payment and reward capabilities has already been hacked.

The data breach of MCX’s platform, CurrentC, lead to the theft of email addresses, however, the CurrentC mobile application was not affected. Over the past 36 hours, MCX has learned that unauthorized third parties obtained email addresses of some of the CurrentC Pilot program members and other members that had used the app.

Also read: Bitcoin Users Avoid Home Depot Data Breach

Unauthorized Third Parties Obtained the E-mail addresses of Some CurrentC Pilot Program Participants

The news post on MCX’s website explains the breach:

Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app. Many of these email addresses are dummy accounts used for testing purposes only. The CurrentC app itself was not affected.

We have notified our merchant partners about this incident and directly communicated with each of the individuals whose email addresses were involved. We take the security of our users’ information extremely seriously. MCX is continuing to investigate this situation and will provide updates as necessary.

This breach is fairly minor compared to breaches that take payment information such as phone numbers, home addresses, or credit card information such as the breach that happened at Target last year. Many of the email addresses stolen were dummy accounts used for testing the app, this means that users were not the victim of Phishing scams, and there was actually a data-breach. Though not many users were currently using the service, the app was still in its pilot stages and had already been hacked. This data-breach is very discouraging for the company and will lead to setbacks as MCX works to recover and improve security. MCX is sending out the following email to all CurentC users, regardless if it is known if their email was indeed stolen:

Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.

In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us, and you should not respond.

MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.

MCX is striving to create a mobile wallet platform which will effectively compete with Google Wallet and Apple Pay. As of right now, the application gives customers a way to pay at select retailers, loyalty points, discounts, and other rewards by paying with the app. Unlike Apple Pay, The CurrentC app currently uses QR code, though this feature would make Bitcoin integration easier.

MCX also published a blog post which explained aims of the company. In one section of the post, MCX talks about security of the CurrentC platform saying “the technology choices we’ve made take consumers’ security into account at every aspect of their core functionality.” According to MCX’s blog post about the breach, the company already knew about the breach prior to publishing the blog post which explains that security is a top priority. This contradiction does not bode well for the company.

After several large hacks, consumers have been pushing to keep control of sensitive data out of the hands of corporations. Skilled hackers have been able to infiltrate secure databases that were believed to be impenetrable.

What do you think about the breach at MCX? Comment below!

Images via Shutterstock.

Drew Cordell (@DrewjCordell) @DrewjCordell

Drew is an undergraduate student at the University of Texas at Dallas, majoring in Business. He is an active member of the Cryptocurrency community, and enjoys collecting, trading, and writing about various coins. Outside of the digital currency world, Drew tends to spend his time with friends, playing video games, or studying.