Did you purchase a Lenovo computer between Feb., 2015 and June, 2015? Did you discover that there was spyware pre-installed?

Lenovo has come to a settlement with 32 states regarding violating state consumer protection laws and will pay out $35 million for pre-installing these laptops with Superfish.

The Chinese PC giant had installed the adware for the purpose of helping consumers by analyzing web-based images and suggesting alternatives that might be lower priced. As the company stated: “helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine.”

However, the program launched man in the middle (MITM) attacks against the users by running self-signed certificates that broke HTTPS security.

“We thought the product would enhance the shopping experience, as intended by Superfish,” Lenovo said in the aftermath. “It did not meet our expectations or those of our customers. In reality, we had customer complaints about the software.”

"Consumers have a reasonable expectation that their personal information will be protected when they purchase a new personal computer," said Connecticut Attorney General George Jepsen. "In this case, Lenovo instead built software into devices that compromised consumer privacy and failed to make adequate disclosures to consumers that their personal information was being collected and transmitted to a third party. We appreciate Lenovo's cooperation in bringing this matter to an appropriate resolution."

Source: Info Security