The Lenovo Superfish Scandal
Superfish is a type of adware that performs a man-in-the-middle attack to force users to view advertisements. The Superfish scandal arose because Lenovo shipped the Superfish adware on its laptops between September 2014 and February 2015.
How serious was the scandal? Security researcher Marc Rogers wrote that it’s “quite possibly the single worst thing I have seen a manufacturer do to its customer base”, going so far as to recommend that every single affected laptop be considered potentially compromised.
The scandal led to serious concerns among Lenovo customers about whether Superfish's spy software posed a threat to their security. By design, the software presented users with its own fake certificate instead of the legitimate site's certificate, which meant that end users could not trust that the SSL certificates they were shown were legitimate.
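One way to detect the certificate substitution described above is to compare the certificates a machine is served against observations taken from a trusted vantage point. This is an added example, not code from the original article: the `Observation` record, function names, hosts, issuer names and fingerprints are all constructed, and it assumes the interceptor issues every substituted certificate from one locally installed root.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    host: str
    leaf_fp: str   # fingerprint of the leaf certificate presented (placeholder strings here)
    issuer: str    # issuer name on that leaf

def find_substituted(baseline, local):
    """Local observations where both the leaf and its issuer differ from the baseline.
    A changed leaf under the same issuer is treated as ordinary certificate rotation."""
    ref = {o.host: o for o in baseline}
    return [o for o in local
            if o.host in ref
            and o.leaf_fp != ref[o.host].leaf_fp
            and o.issuer != ref[o.host].issuer]

def suspected_interceptor(baseline, local, min_hosts=2):
    """Return the unexpected issuer seen on at least min_hosts unrelated hosts, else None."""
    counts = Counter(o.issuer for o in find_substituted(baseline, local))
    if not counts:
        return None
    issuer, hits = counts.most_common(1)[0]
    return issuer if hits >= min_hosts else None

# Constructed sample data: what a trusted network vantage point sees.
BASELINE = [
    Observation("bank.example", "fp-bank-1", "Example Trust CA A"),
    Observation("mail.example", "fp-mail-1", "Example Trust CA B"),
    Observation("shop.example", "fp-shop-1", "Example Trust CA A"),
]
# Constructed: a clean laptop; shop.example has rotated its certificate.
CLEAN = [
    Observation("bank.example", "fp-bank-1", "Example Trust CA A"),
    Observation("mail.example", "fp-mail-1", "Example Trust CA B"),
    Observation("shop.example", "fp-shop-2", "Example Trust CA A"),
]
# Constructed: a laptop where local software re-signs every site's certificate.
INTERCEPTED = [
    Observation("bank.example", "fp-x1", "Local Interception Root"),
    Observation("mail.example", "fp-x2", "Local Interception Root"),
    Observation("shop.example", "fp-x3", "Local Interception Root"),
]

if __name__ == "__main__":
    print("clean laptop:", suspected_interceptor(BASELINE, CLEAN))
    print("intercepted laptop:", suspected_interceptor(BASELINE, INTERCEPTED))
```

A single issuer replacing several different expected issuers is the signal; one host changing its CA is not enough to raise it.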
Equifax’s Mobile Application
In 2017 Equifax agreed to pay a settlement of between $575M and $700M after the personal and financial information of nearly 150 million people was leaked from an unpatched database. Alongside this breach, security researcher the MSP Decime discovered that Equifax's mobile phone apps did not consistently use HTTPS, potentially allowing attackers to intercept data as users accessed their accounts.