[BreachExchange] Wappalyzer discloses security breach after hacker starts emailing users

Destry Winant destry at riskbasedsecurity.com
Fri Apr 17 10:10:16 EDT 2020


https://www.zdnet.com/article/wappalyzer-discloses-security-breach-after-hacker-starts-emailing-users/

Tech company Wappalyzer has disclosed a security incident this week
after a hacker began emailing its customers and offering to sell
Wappalyzer's database for $2,000.

"If you receive this e-mail it's because we get the full database of
Wappalyzer, and your e-mail is on the database," the hacker, going by
the name of CyberMath, wrote in an email sent to Wappalyzer customers
this week.

"I'm selling the full .sql for 2000$ in Bitcoin," the hacker added,
while also sharing screenshots of the stolen database files.

Wappalyzer did not dispute the fact that it suffered a security
breach. As soon as the hacker began emailing customers, the company sent
out an email of its own.

In a data breach notification email, Wappalyzer confirmed the incident
and said the hack took place on January 20 when an intruder accessed
one of its databases, which the company said it left exposed online
due to a misconfiguration.

However, while the company admitted there was a hack, it downplayed
the severity of the security breach.

"Some of our customers received an email from the perpetrator offering
to sell stolen datasets. This data does not include personal
information. If you receive such an email, mark it as spam and do not
reply or click any links as it's likely a scam," the company told
customers.

In an email interview today, Wappalyzer founder Elbert Alias told
ZDNet that the stolen database mostly contained "technographic data."

The company, which started as a Firefox add-on in 2008, lets users
scan websites and receive a report about what technology stacks
(server type, CMS, JS libraries, etc.) the site is using. Users can
look up one website at a time, multiple websites in bulk, or they can
buy statistical data on the most common web technologies used today.

Technographic data is the data the company collects about all the
scanned websites, and it is also the data the company sells through
its Datasets section on its official website.

Alias told ZDNet the hacker breached and stole this data from a
database powering its old website.

"Our new website went live two weeks ago and no longer uses the legacy
database that was breached," Alias said.

HACKER ALSO STOLE EMAILS AND BILLING INFO FOR 16,000 CUSTOMERS

But while most of the stolen data were stats about websites and their
underlying technologies, some user information was also included.

"The database also contained email addresses of anyone who has
requested a quote for a dataset, and billing addresses of anyone who
has placed an order," Alias said.

Emails for up to 16,000 Wappalyzer customers were taken in the
incident, Alias told ZDNet. The number of billing addresses is most
likely lower, as not all customers who requested a price quote also
followed through with an order.

Details like passwords or payment card details were not included.

All in all, the hacker doesn't appear to have stolen any meaningful
information, hence the reason they're now trying to trick customers
into buying the data.

"We've advised our users against attempting to purchase data from a
criminal for Bitcoin, as they may well get nothing in return," Alias
told us.

"The stolen data is already outdated. Our datasets are updated
continuously and never contain data more than three months old."

