Are Credit Karma and LifeLock Safe? Their Recent Mobile App Vulnerabilities Should Concern You

Credit Karma LifeLock mobile app security issues
In order to keep track of different aspects of their finances, many people are turning to third-party websites. A good example of this would be Credit Karma, which offers free credit scores and credit monitoring to those who sign up at their site. Another would be LifeLock, which offers identity theft protection for a fee to consumers. What both of these sites claim to do is to help inform and protect consumers regarding certain aspects of their finances, but recent revelations indicate they could actually end up being the source of identity theft.

Two recent events should make everybody a lot more cautious about giving any financial information to third-party companies like Credit Karma and LifeLock. While one would assume that these companies would have the highest security available for their mobile apps, since they collect sensitive consumer financial data such as a social security number in order to perform their services, that doesn’t seem to be the case.

Credit Karma recently had to settle with the Federal Trade Commission (FTC) due to vulnerabilities that were part of their mobile phone app. The use of their app had the potential to expose users’ financial information to hackers using “man-in-the-middle” attacks. The lack of security made it possible for thieves to obtain any information the mobile app sent or received. Those using the Credit Karma mobile app could have exposed their dates of birth, home addresses, names, phone numbers, passwords, credit scores, social security numbers and other important financial data to those who wanted to see it. Had this information fallen into the wrong hands, it would have been quite easy for any person with it to steal the identity of that person.

LifeLock recently disclosed their own mobile app vulnerability. In response, the company ended up voluntarily withdrawing its Wallet App for download, and deleted all of the users’ data which had been collected through the app. They did so because the technology the Wallet App used fell short of the payment card industry’s (PCI) Data Security Standard (DSS) which had the potential to expose users’ financial data to hackers. This comes after LifeLock had to pay $12 million to the FTC in 2010 for making false identity theft protection and data security claims about its service.

It’s important to realize that every time you give your financial information to a new website, you increase the chances of having this information stolen. When even high profile companies dealing with users’ financial information are not always securing your information, you can assume that there are far more vulnerabilities where your data can be accessed. Anytime you are asked to give any information that could be used to steal your identity, you should stop and think whether access to the site requesting it is worth it.

(Photo courtesy of Irita Kirsbluma)

This entry was posted in Personal Finance and tagged , , , , , , , , , , . Bookmark the permalink.

3 Responses to Are Credit Karma and LifeLock Safe? Their Recent Mobile App Vulnerabilities Should Concern You

  1. bill says:

    Why am I just hearing about this?

  2. Will says:

    @Bill, there was no data leaked as far as anybody can tell – the issue is that they were advertising safety standards they weren’t reaching.

  3. Dody says:

    OMG…scary. I use credit karma to see what I need to improve on.

Leave a Reply

Your email address will not be published. Required fields are marked *