Feeds

LifeLock snaps shut Wallet mobile app over credit card leak fears

Wipes servers clean of user data after PCI DSS issues

Remote control for virtualized desktops

LifeLock has withdrawn its Wallet App and deleted user data over concerns the technology falls short of user data protection rules under the payment card industry's Data Security Standard (PCI DSS).

In a statement Todd Davis, chairman and chief exec of LifeLock, said it was suspending the app as a precaution - not in response to a security breach.

Yanking the mobile app will not affect the LifeLock ID theft protection service, which is designed to detect fraudulent abuse of credit card and non-credit related services, the firm assured customers.

Nonetheless, taking the drastic step of pulling its mobile technology is bound to raise concerns – especially since LifeLocker has yet to explain why its mobile apps were not up to snuff.

I want to make you aware of an issue that we identified related to our recently acquired LifeLock Wallet application. We have determined that certain aspects of the mobile app may not be fully compliant with payment card industry (PCI) security standards.

For that reason, we are removing the LifeLock Wallet application from the App Store, Amazon Apps, and Google Play, and when users open the LifeLock Wallet, their information will be deleted in the app.

We also want you to know that this does not in any way affect LifeLock subscription identity theft protection services.

We have taken steps to delete all stored information for the mobile app from our servers. Even though we have no reason to believe the data has been compromised, we believe this is the right thing to do. As a company dedicated to online security and safety, we are committed to doing everything we can to ensure those who trust us with their personal information can do so without question.

We believe the LifeLock Wallet provides services and functionality that users value, and we’ll be working to return a Wallet with the highest level of PCI compliance to users soon.

"This is going to be a headache for some LifeLock users, who may have put passwords and PIN codes into their LifeLock app hoping that the service would remember them on their behalf, only to now find that all the records have been wiped after a security scare," noted security industry veteran Graham Cluley, in a blog post.

"No doubt LifeLock has calculated that although it’s going to have some upset customers as a result of this action, it’s better than the potential fallout from being seen to have taken half-hearted steps to protect its users, or having sensitive information on those customers exposed."

Cluley added: "In my view, the withdrawal of the apps was the right thing to do. And, if it’s possible that sensitive information was being stored insecurely on its servers, then it’s good to hear that they’ve taken steps to ensure that it cannot be exposed." ®

Intelligent flash storage arrays

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.