Computer manufacturer Lenovo is in hot water this week after pre-installing software that tracks your Internet activity to show you personalized ads. While that sounds a little shady on its own, it gets even worse: Security experts say the software, called Superfish, can open up a nice big door that lets hackers intercept your data.
Lenovo said in a Thursday statement that it stopped pre-loading Superfish on laptops last month, and it won’t do so again in the future. Now, Lenovo is going a step further: It just posted instructions for Lenovo owners to tell if they have Superfish and, if they do, how to erase it.
That’s a significant backtrack for Lenovo: Earlier Thursday, the company said it could not “find any evidence to substantiate security concerns” over Superfish.
Security experts, however, disagreed. They say the problem with Superfish is that it’s able to scan your Internet activity even when you’re on encrypted sites by spoofing a website’s security certificate. Hackers can take advantage of that fake certificate process to steal your data while it’s in transit.
If you’ve got a Lenovo computer, it’s a good idea to follow these instructions to see if you have Superfish and get rid of it.
More Must-Reads from TIME
- Cybersecurity Experts Are Sounding the Alarm on DOGE
- Meet the 2025 Women of the Year
- The Harsh Truth About Disability Inclusion
- Why Do More Young Adults Have Cancer?
- Colman Domingo Leads With Radical Love
- How to Get Better at Doing Things Alone
- Michelle Zauner Stares Down the Darkness
Contact us at letters@time.com