PORTLAND, Ore. — The Federal Trade Commission says the mobile applications of movie ticket seller Fandango and credit report provider Credit Karma may have exposed millions of users' sensitive personal information, including credit card data and Social Security numbers.
The companies failed to properly secure their apps over a multiyear period, potentially exposing information users sent or received, the FTC said.
Fandango and Credit Karma, which fixed the security issue last year, said Friday that they are not aware of any individual's information being compromised. But the FTC said that due to the nature of the types of attacks, it would be nearly impossible to trace.
Fandango, owned by Comcast Corp., and Credit Karma agreed to settle the FTC's charges that they misrepresented the security of their applications and failed to secure information.
As part of the settlements, the companies agreed to establish more comprehensive security programs and undergo independent security assessments every other year for the next 20 years.
Fandango may have exposed consumers' credit card, email address and passwords through its application for Apple's iOS operating system between March 2009 and March 2013, according to the complaint.
Credit Karma's may have exposed consumers' names, Social Security numbers, birth dates, addresses, phone numbers, credit scores and more. This affected its iOS applications used between July 2012 and January 2013. The company also launched an Android version of its app in 2013 without proper security steps, an issue that it later resolved.
The FTC does not have a specific figure of how many people may have been made vulnerable. But it noted in its complaint that Credit Karma's app has been downloaded more than 1 million times and Fandango's has been downloaded more than 18.5 million times.