Alternative app store Aptoide has suffered from a data breach. 20 million accounts have been posted out of a claimed 39 million account batch.
Alternative app store, Aptoid, is the latest victim of a data breach. A hacker posted the details of 20 million accounts on a hacking forum recently. The claim is that this represents a large sample of the 39 million the hacker said they have obtained. ZDNet got a copy of the data and said that there is plenty of personal information contained in the breach. From ZDNet:
The leaked information, which ZDNet obtained a copy with the help of data breach monitoring service Under the Breach, contains information on users who registered or used the Aptoide app store app between July 21, 2016, and January 28, 2018.
Data leaked today that can be classified as “personal identifable information” includes details such as the user’s email address, hashed password, real name, sign-up date, sign-up IP address, device details, and date of birth (if provided).
Other details also include technical information such as account status, sign-up tokens, developer tokens, if the account was a super admin, or referral origin.
This month has been rather active on the news front, but we did manage to catch a few interesting security incidences. Previously, we reported on the San Francisco International Airport suffering from a data breach where two of its websites were compromised. Before that, we covered Marriott’s third security incident. That case sparked litigation paperwork being filed against the company.
In the US, privacy is becoming an active debate after the Electronic Frontier foundation (EFF) called for stronger privacy laws following Twitter vaguely changing privacy policies.
As for this incident, users can secure their account by changing their passwords immediately. This will at least prevent unknown third parties from accessing your account. Additionally, good advice is to change your passwords to accounts on other services that use the same password. Generally, password re-use is strongly advised against because it opens users up to credential stuffing. So, ideally, you’ll want to change the passwords to your accounts to something unique.
As for the size of this particular breach, from our perspective, this would be somewhere in the neighbourhood between a small and medium size breach. If that sounds like an understatement to you, that ultimately speaks to how bad the problem with private sector security has become these days. With non-European countries like the US and Canada not really doing anything to address these issues, chances are, we’ll see more of these in the future with no real sign of any of it slowing down any time soon.
Drew Wilson on Twitter: @icecube85 and Facebook.