The Federal Trade Commission accused Lenovo of installing malicious software on some of their laptops with the intent to be able to deliver ads to the consumers. The laptops came with a program known as VisualDiscovery (made by SuperFish) by default. This software would load up advertisements whenever someone would put their mouse over an image of a product that was sold by SuperFish properties.
Users who would browse through Amazon looking for things to buy, for example, would see an ad show up for the same or similar products sold elseware. This type of adware is not only annoying, it is potentially dangerous since many users don’t realize that they are being directed to another site, which they might not trust.
In addition to the fact that the adware was unwelcomed, it was also very vulnerable to hackers. The low security allowed hackers to collect information about the users including social security numbers, medical information, username and password data, and much more, according to the FTC.
Lenovo released a statement on the settlement in which they said, “While Lenovo disagrees with allegations contained in these complaints, we are pleased to bring this matter to a close after two-and-a-half years. To date, we are not aware of any actual instances of a third party exploiting the vulnerabilities to gain access to a user’s communications.”
They went on to say, “Subsequent to this incident, Lenovo introduced both a policy to limit the amount of pre-installed software it loads on its PCs, and comprehensive security and privacy review processes, actions which are largely consistent with the actions we agreed to take in the settlements announced today.”
The settlement did not include any type of payment or fine. It is simply prohibited from misrepresenting any types of features of the software that they put on their computers. In addition, they can’t transmit any type of sensitive user data to third parties without an affirmative consent from the user.