LifeLock pulls its Wallet apps and deletes user data after security scare

LifeLock, a firm which is supposed to help you protect yourself from identity thieves, has taken the drastic action of announcing that it is yanking its iPhone and Android apps.


The reason? It looks like it wasn’t doing a good enough job of keeping your private information private.

Oh dear.


More precisely, according to a blog post by LifeLock CEO Todd Davis, the app failed to reach the standards set by the payment card industry (PCI).

An important update about LifeLock Wallet

One thing I’ve learned in business and, for that matter, life is the importance of authenticity and transparency.

With that in mind, I want to make you aware of an issue that we identified related to our recently acquired LifeLock Wallet application. We have determined that certain aspects of the mobile app may not be fully compliant with payment card industry (PCI) security standards.

For that reason, we are removing the LifeLock Wallet application from the App Store, Amazon Apps, and Google Play, and when users open the LifeLock Wallet, their information will be deleted in the app.

It’s important to note that at this point the company does not believe there is any evidence that a data breach has occurred, but nonetheless it has clearly decided that the best approach is to act out of an abundance of caution.

In his blog post, Davis says that the company has “taken steps” to delete all information collected from the mobile app from its servers.

We have taken steps to delete all stored information for the mobile app from our servers. Even though we have no reason to believe the data has been compromised, we believe this is the right thing to do. As a company dedicated to online security and safety, we are committed to doing everything we can to ensure those who trust us with their personal information can do so without question.

I’m not quite sure what “taken steps” means in this regard. I mean, have they deleted the data or not? Or is it that they’ve made a good attempt at it, but aren’t sure whether they’ve managed to zap all of it?

Clearly this is going to be a headache for some LifeLock users, who may have put passwords and PIN codes into their LifeLock app hoping that the service will remember them on their behalf, only to now find that all the records have been wiped after a security scare.

No doubt LifeLock has calculated that although it’s going to have some upset customers as a result of this action, it’s better than the potential fallout from being seen to have taken half-hearted steps to protect its users, or having sensitive information on those customers exposed.

In my view, the withdrawal of the apps was the right thing to do. And, if it’s possible that sensitive information was being stored insecurely on its servers, then it’s good to hear that they’ve taken steps to ensure that it cannot be exposed.

According to The Next Web, users might still have a life-line if they need to access information they have put into LifeLock before it is wiped.

One of their readers reports that putting phones into “airplane” mode before opening the app allows data to be accessed before it is wiped by LifeLock’s servers.

Of course, once you have made any backups of your information it would probably be sensible to allow LifeLock to erase your information. After all, if the app developers themselves tell you that their app is insecure – who are you to disagree?

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
