[BreachExchange] Mathway investigates data breach after 25M records sold on dark web
Destry Winant
destry at riskbasedsecurity.com
Tue May 26 10:21:51 EDT 2020
https://www.bleepingcomputer.com/news/security/mathway-investigates-data-breach-after-25m-records-sold-on-dark-web/
A data breach broker is selling a database that allegedly contains 25
million Mathway user records on a dark web marketplace.
Mathway is a calculator that allows users to type in math questions
and receive an answer for free through their website or via Android
and iOS apps.
The Mathway app is top-rated, with over 10 million installs on Android
and ranked as #4 under education in the Apple Store.
Earlier this month, cyber intelligence firm Cyble told
BleepingComputer that they were tracking a potential data breach of
Mathway after a purported database was being sold in private sales.
This week, a data breach seller known as Shiny Hunters began to
publicly sell an alleged Mathway database on a dark web marketplace
for $4,000.
Mathway database advertisement
In a sample of the database shared with BleepingComputer, the most
concerning of the exposed data are the email addresses and hashed
passwords. Otherwise, the data is mostly what appears to be system
data.
Database sample
Mathway told BleepingComputer that they are currently investigating
the reports of a data breach.
"We are aware of reports of a potential data compromise. We are
working with cybersecurity experts to investigate further, and will
take the appropriate steps to ensure the security of customer
information." Mathway said in a statement to BleepingComputer.
In a second email, Mathway told BleepingComputer that they should have
more information soon.
If you use Mathway and want to check if your account is part of this
breach, you can use Cyble's AmIBreached data breach lookup service.
To be safe, all Mathway users should also change their password on the site.
If you use this same password at any other site, you should change it
to a new unique password at that site as well.
It is suggested that you use a password manager to help keep track of
unique and complex passwords at every site that you visit.
More information about the BreachExchange
mailing list