Top-rated app leaks 25 million user records – delete it now
It’s always disappointing when a popular, well-vetted program succumbs to the efforts of hackers and cybercriminals. We may rely on the apps we use each day to safely assist and entertain us, but when it comes to cybersecurity, we’re all on our own.
Most of the time, these kinds of breaches happen without warning — and they’re not always the fault of the company involved. After all, a popular app means more juicy targets for hackers and dark web shoppers to prey on. Tap or click here to see how MyFitnessPal suffered a similar fate in 2018.
And now, one of the most highly rated and popular apps on Android and iOS appears to have suffered a data breach of its own. A database belonging to this app was discovered for sale on a Dark Web marketplace, and the files involved include email addresses and passwords. If you share a password with any other accounts, it’s time to change it immediately!
Mathway learns about data breaches the hardway
According to BleepingComputer, cybersecurity firm Cyble detected what appeared to be a potential data breach of Mathway, a popular free calculator app that can solve complex math problems. The app is well received, with over 10 million downloads on Android and a rank of #4 under education in the iOS App Store.
Cyble initially discovered the breach thanks to the efforts of the Shiny Hunters, a hacking collective notorious for selling stolen data on Dark Web marketplaces. An alleged Mathway database was among the wares the Shiny Hunters had for sale, which includes data points like email addresses, passwords and back-end system data.
Tap or click here to see what the Shiny Hunters were up to last time.
Mathway responded to BleepingComputer by confirming they were investigating the issue. Meanwhile, registered Mathway members may want to confirm whether or not their data was included in the breach by visiting Cyble’s AmIBreached website and checking their email address.
Why is this breach bad? It doesn’t seem like a lot of personal information leaked
Looks can be deceiving. If a person has an account breach, the password they used for that account is now forfeit to whoever stole or purchased it. But let’s take things a step further: Suppose the breached account included an email address and a password.
Naturally, a hacker’s first instinct will be to check if they can log into that email account using the password they obtained. Many people have a tendency to use the same password across multiple accounts, and this mistake can lead to a hacker (like our hypothetical one) gaining access to all your accounts.
If you were affected by this breach, your first priority is to change your password for Mathway, followed by any other accounts that share the same password. Make it something complex enough where it can’t be guessed but easy enough to save or remember. Tap or click here to find out how to make stronger passwords than ever before.
In the future, you may want to create separate email addresses for your online accounts to prevent further breaches can happen. Until biometrics or another, more secure standard than passwords are widely adopted, we’ll have to prepare for leaks like this on a regular basis. Tap or click here to see what the end of passwords might look like.
Tags: Android, apps, breaches, cybercriminals, cybersecurity, Dark Web, hackers