Security high risk using the app

this app is not safe. Just logged in with my email & verification email from curve to find I am in someone else’s account but showing my email. I can see everything in the account, good job I am honest. This is a security breach of accounts and a #gdpr breach worrying who has my details & knows what cards are in my account. I have lost confidence in the company and how lax the security is and most importantly, the phone line people cannot help one has to wait for normal daytime opening hours and hope yes hope someone will help ASAP. Not a great position to be in wondering who may be using my cards logged in Curve system and have access to my personal information. Think :thinking: twice before relying on security in the app.

Thank you for flagging this. We are currently investigating this case and will reach out to you directly. Please find our message in your DMs so we can verify and locate your customer account.

Thankfully, the only thing you can see is the random guy’s past transactions and the last 4 digits of each card saved in the account. So while it’s comprised, you can’t actually use the person’s cards or his Curve account. The best you could do is remove the cards.

But that could all change with this upcoming beta, then this would have been super serious.

Can see his name and telephone number and like you said past transactions, seems he used my email address last year to open the account, but he did not verify the email address, I did when I logged in with my email and they sent me the verification magic email. I have always had that email address but was using a different one for Curve account until I found out Google was storing every receipt they sent me! Google is storing all purchases bought with a Gmail account and its not only the receipts it has all the items prices etc etc, very nasty no doubt they are selling that info.

Curve doesn’t require a validated email to add credit cards?

Also, as I recall Curve stores and displays the last 4 digits of a card - which some sites have asked me for to verify my account (specifically Namecheap) which means regardless this is quite serious

Edit; it also shows expiry - which is actually awful because that will get you past security checks with many companies.

Thank you for flagging this issue with your account @Zippy, following the immediate investigation, we can confirm this was an isolated incident and has now been successfully resolved.

Sounds to me like this only came about because somebody used another person’s email address in the sign up process - which isn’t really something that Curve can be blamed for…

…on the subject of Gmail, it’s pretty common knowledge that Google reads your emails to look for stuff it can use in your profiling - it does that with literally all of it’s services, it’s the primary way they make money! If you don’t like it, you need to go to Microsoft or Apple who keep your private information private :wink:

I’m going to close this topic now as we know what has happened and to avoid the topic going off topic.

1 Like

Resolved