Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Rent-to-own PC Companies Spied on Customers

The FTC has reached a settlement with seven rent-to-own companies, and the developer of a tracking tool, which the agency said was used to violate consumer privacy. The problem stems from the tool itself, which used a “Detective Mode” to track computers that were stolen or behind on payments.

The FTC has reached a settlement with seven rent-to-own companies, and the developer of a tracking tool, which the agency said was used to violate consumer privacy. The problem stems from the tool itself, which used a “Detective Mode” to track computers that were stolen or behind on payments.

According to the FTC, software maker DesignerWare, LLC, collected the data that enabled rent-to-own stores to track the location of rented computers without consumers’ knowledge. The complaint says that in addition to a kill switch the rent-to-own stores could use to disable a computer if it was stolen, or if the renter failed to make timely payments; their software also had an add-on program known as Detective Mode that helped rent-to-own stores locate rented computers and collect late payments.

When Detective Mode was activated, the software logged keystrokes, took screen shots, and photographs using a computer’s webcam. Moreover, it presented a fake registration screen that tricked consumers into providing their personal contact information.

The damning part of the complaint however, is that the data gathered by DesignerWare and provided to rent-to-own stores revealed private and confidential details about the computer users. This includes information such as user names and passwords for email accounts, social media websites, and financial institutions; as well as Social Security numbers, medical records, private emails to doctors, bank and credit card statements, and webcam pictures of children, partially undressed individuals, and sexual activities.

“An agreement to rent a computer doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes,” said Jon Leibowitz, Chairman of the FTC.

In addition to DesignerWare, The FTC also reached settlements with seven companies that operate rent-to-own stores, including franchisees of Aaron’s, ColorTyme, and Premier Rental Purchase.

The settlements bar the companies from any further illegal spying, from activating location-tracking software without the consent of computer renters and notice to computer users, and from deceptively collecting and disclosing information about consumers.

A copy of the complaint can be seen here

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.