Laptop maker Lenovo has agreed to pay $3.5 million and make changes in how it sells laptops in order to settle allegations it sold devices with pre-loaded software that compromised users' security protections.
The agreement with Connecticut, the Federal Trade Commission and 31 other states was announced on Tuesday after a two and a half year dispute.
The software in question, called VisualDiscovery, appears to affect Internet Explorer and Google Chrome on the Lenovo laptops sold between August 2014 and January 2015.
Scroll down for video
Lenovo, a major laptop maker, has agreed to pay $3.5 million and make changes in how it sells laptops in order to settle allegations it sold devices with pre-loaded software that compromised users' security protections. Pictured: The ThinkPad Helix, which was released during the affected period - although the firm has not released details of exactly which models are hit
By tracking users' web searches and browsing activity, VisualDiscovery was able to place additional ads on sites they visit and did so without consent.
The FTC complaint alleges VisualDiscovery used and insecure method to replace digital certificates (which signal to a browser that an encrypted websites is authentic) with its own VisualDiscovery-signed certificates, replacing them without first verifying the digital certificates were valid.
Because of this, the software blocked browsers from warning users when they tried to access malicious websites.
VisualDiscovery also used the same, low-strength password on all affected laptops rather than creating a unique one for each device.
The software was also able to access consumers' sensitive information, including Social Security numbers, login credentials, medical information, and financial and payment information, the FTC said.
The purpose of VisualDiscovery, an ad software from the company Superfish, was to deliver pop-up advertisements.
The Chinese computer manufacturer says VisualDiscovery helps users find products online by analysing images and presenting similar, cheaper products.
But security analysts and the FTC claim that what VisualDiscovery actually does is serve intrusive ads, as well as compromise private information such as bank details and passwords.
The software appears to affect Internet Explorer and Google Chrome on the Lenovo laptops sold between September 2014 and January 2015.
Users first began raising concerns about the software in September 2014.
Lenovo acted as a middle man between users' browsers and sites - even encrypted ones - they visited.