Credit Karma Settles FTC Charges That It Deceived Consumers by Failing to Securely Transmit Sensitive Personal Information
The FTC alleged that, despite their security promises, Credit Karma failed to take reasonable steps to secure their mobile apps, leaving consumers’ sensitive personal information at risk. Among other things, the complaints charge that Credit Karma disabled a critical default process, known as SSL certificate validation, which would have verified that the apps’ communications were secure.
As a result, the companies’ applications were vulnerable to “man-in-the-middle” attacks, which would allow an attacker to intercept any of the information the apps sent or received.
Credit Karma’s apps for iOS and Android overrode the default validation process, exposing consumers’ Social Security Numbers, names, dates of birth, home addresses, phone numbers, email addresses and passwords, credit scores, and other credit report details such as account names and balances.
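An added example, not taken from the FTC complaint or from Credit Karma's code: a Python sketch that uses the standard `ssl` module as a stand-in for the mobile TLS stacks, placing the default validating configuration beside one with validation switched off, plus a check that flags the difference. The function names are assumptions made for this illustration.

```python
import ssl


def default_context() -> ssl.SSLContext:
    # Platform default: verify the certificate chain and the hostname.
    return ssl.create_default_context()


def validation_disabled_context() -> ssl.SSLContext:
    # The failure mode described above: default validation switched off.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is now accepted
    return ctx


def hostname_unchecked_context() -> ssl.SSLContext:
    # Partial override: the chain is verified, but for any hostname.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def validation_findings(ctx: ssl.SSLContext) -> list:
    """List the ways ctx departs from default certificate validation."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings


def require_validation(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """Gate for tests or CI: refuse a context that skips validation."""
    findings = validation_findings(ctx)
    if findings:
        raise ValueError("TLS validation disabled: " + "; ".join(findings))
    return ctx


if __name__ == "__main__":
    for build in (default_context, validation_disabled_context,
                  hostname_unchecked_context):
        print(build.__name__, validation_findings(build()) or "ok")
```

Either finding on its own is enough for a man-in-the-middle to present a certificate the client will accept, so a build gate should reject both.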
On Jan 24th I registered an account with Creditkarma.com. It claims to be a truly free credit monitoring site to monitor your credit score. I was able to log in on Jan 24th and see my information. I could tell from the items on the credit report that it was in fact my credit report. One week later Feb 1st I tried to log in again and was informed that my account had been deactivated. I contacted Credit Karma, Inc via E-mail which is the only contact information they have. From then on their responses have varied from me not entering the information correctly to the account not existing at all. Yet as of today Feb 11th when trying to log in to the account it still says the account has been deactivated. I have attempted to communicate with them every business day since Feb 1. They offer no resolution yet they have all my personal information. Name, address, SSN#, DOB and my entire credit history. In addition to filing this report I have alerted the FBI, FCC, FTC, and BBB. Do not let this company have your information!!!