Feeds

LifeLock snaps shut Wallet mobile app over credit card leak fears

Wipes servers clean of user data after PCI DSS issues

New hybrid storage solutions

LifeLock has withdrawn its Wallet App and deleted user data over concerns the technology falls short of user data protection rules under the payment card industry's Data Security Standard (PCI DSS).

In a statement Todd Davis, chairman and chief exec of LifeLock, said it was suspending the app as a precaution - not in response to a security breach.

Yanking the mobile app will not affect the LifeLock ID theft protection service, which is designed to detect fraudulent abuse of credit card and non-credit related services, the firm assured customers.

Nonetheless, taking the drastic step of pulling its mobile technology is bound to raise concerns – especially since LifeLocker has yet to explain why its mobile apps were not up to snuff.

I want to make you aware of an issue that we identified related to our recently acquired LifeLock Wallet application. We have determined that certain aspects of the mobile app may not be fully compliant with payment card industry (PCI) security standards.

For that reason, we are removing the LifeLock Wallet application from the App Store, Amazon Apps, and Google Play, and when users open the LifeLock Wallet, their information will be deleted in the app.

We also want you to know that this does not in any way affect LifeLock subscription identity theft protection services.

We have taken steps to delete all stored information for the mobile app from our servers. Even though we have no reason to believe the data has been compromised, we believe this is the right thing to do. As a company dedicated to online security and safety, we are committed to doing everything we can to ensure those who trust us with their personal information can do so without question.

We believe the LifeLock Wallet provides services and functionality that users value, and we’ll be working to return a Wallet with the highest level of PCI compliance to users soon.

"This is going to be a headache for some LifeLock users, who may have put passwords and PIN codes into their LifeLock app hoping that the service would remember them on their behalf, only to now find that all the records have been wiped after a security scare," noted security industry veteran Graham Cluley, in a blog post.

"No doubt LifeLock has calculated that although it’s going to have some upset customers as a result of this action, it’s better than the potential fallout from being seen to have taken half-hearted steps to protect its users, or having sensitive information on those customers exposed."

Cluley added: "In my view, the withdrawal of the apps was the right thing to do. And, if it’s possible that sensitive information was being stored insecurely on its servers, then it’s good to hear that they’ve taken steps to ensure that it cannot be exposed." ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Enigmail PGP plugin forgets to encrypt mail sent as blind copies
User now 'waiting for the bad guys come and get me with their water-boards'
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.