The Federal Trade Commission has confirmed the mobile apps of movie ticket-seller Fandango and Credit Karma might have exposed millions of users' personal information, according to a FTC press release.
Exposed information could include credit card data and Social Security numbers.
The two companies supposedly failed to secure their apps for more than a year, potentially exposing sent or received user information, according to the release.
"Consumers are increasingly using mobile apps for sensitive transactions. Yet research suggests that many companies, like Fandango and Credit Karma, have failed to properly implement SSL encryption," said FTC Chairwoman Edith Ramirez, according to the release. "Our cases against Fandango and Credit Karma should remind app developers of the need to make data security central to how they design their apps."
Both companies said on March 28 that they aren't aware of any individual's information being "compromise" but that doesn't mean nothing has happened. The FTC said that due to the nature of the types of attacks, it would be close to impossible to trace, according to the release.
The two companies reached a settlement with the FTC, agreeing to establish better security programs, and taking part in independent security assessments every other year for the next 20 years.
The settlements also ban the companies from "misrepresenting the level of privacy or security of their products and services," according to the release.
Fandango and Credit Karma claimed the security issue was fixed in 2013.
Information that might have been leaked by Credit Karma includes: birthdates, phone numbers, credit scores, addresses, and more.
Fandango might have exposed consumers: names, emails, and passwords through its apps for Apple's iOS operating system from March 2009 through March 2013, according to the release.
"This is something that would be undetectable to either the consumer or the company," Nithan Sannappa of the FTC's Bureau of Consumer Protection said, according to USA Today.
The issue affected its iOS apps used from July 2012 through Jan. 2013, according to the release. An Android version was released in 2013 without the necessary security steps, but the issue was supposedly later resolved.
The FTC has yet to say how many people might have been made vulnerable. Fandango's app has been downloaded over 18.5 million times, and Credit Karma's app has been downloaded over one million times, according to the release.
See Now: OnePlus 6: How Different Will It Be From OnePlus 5?
