Security Experts:

Connect with us

Hi, what are you looking for?



Apple Pay Competitor CurrentC Hacked

Merchant Customer Exchange (MCX), the developer of the mobile payment system called CurrentC, is notifying some users that their email addresses have been stolen by hackers.

Merchant Customer Exchange (MCX), the developer of the mobile payment system called CurrentC, is notifying some users that their email addresses have been stolen by hackers.

“Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information,” read the emails sent out by the company to affected individuals.

MCX says the breach affects participants in the CurrentC pilot program and those who have expressed interest in the product. The company has advised impacted users to be on the lookout for phishing emails, and avoid clicking on links or attachments contained in suspicious messages.

The company clarified in a blog post published on Wednesday that many of the compromised email addresses are actually dummy accounts used only for testing purposes. The CurrentC app itself is not impacted by the breach, MCX said.

“We have notified our merchant partners about this incident and directly communicated with each of the individuals whose email addresses were involved. We take the security of our users’ information extremely seriously. MCX is continuing to investigate this situation and will provide updates as necessary,” the organization stated.

MCX is a company created by a consortium of major United States retailers to develop CurrentC, a merchant-owned mobile payment system. The company made headlines this week after two of its members, the Rite Aid and CVS pharmacies, decided to block payments made through Google Wallet and Apple’s recently introduced Apple Pay. The retail giant Walmart, one of the top members of the consortium, is also not accepting payments through Apple Pay.

CurrentC will be launched only next year and, until then, the customers of MCX retailers have no alternative to the classic plastic payment cards. MCX clarified in a blog post that “when merchants choose to work with MCX, they choose to do so exclusively.” The company also noted that those who choose to stop their collaboration with MCX will not have to pay any fines.

As far as data security is concerned, MCX explained that it does not store sensitive customer information in the app, but in a secure cloud-hosted network.


“Removing this sensitive information from the mobile device significantly lowers the risk of it being inappropriately disclosed in a case that the mobile device is hacked, stolen or otherwise compromised,” the company said.

As far as functionality is concerned, CurrentC has been called “clunky“, especially when compared to Apple Pay. Others don’t like the fact that the app requests social security numbers and driver’s license numbers for identity verification purposes when adding a new bank account.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.