Posted on May 23, 2020 at 2:26 PM
Cybercriminals Hack 25 Million User Details from Popular Math App
A recent report revealed that a popular math solving application, Mathway, has been hacked. Cybercriminals stole 25 million emails and passwords from the platform and placed them on sale in Telegram channels, hacker forums, and dark web.
This hacking incident is one of the many breaches the hacking group, ShinyHunters, has perpetrated. They were also responsible for infiltrations in Zoosk, Wishbone, Tokopedia, and others.
Hackers have been infiltrating the network of companies and stealing a massive amount of data for the past few months. The hacking intensity rose during this coronavirus pandemic, and hackers are taking to darknet and hacker forums to market their loot. In particular, these ShinyHunters have sold over 200 million details in hacking forums and the dark web.
Infiltration of Mathway occurred in January
The ShinyHunters hacker revealed that the infiltration of the Mathway server occurred in January. “The only thing I can say is that the [Mathway] hack took place in January 2020,” ShinyHunters said on Thursday.
The hackers didn’t oblige to reveal any more details about the hack. They also said they gained access to the company’s backend. Afterward, they dumped the database and removed the access to stay hidden and undetected.
ShinyHunters started selling the stolen data since the beginning of May. They started selling them on the dark web before selling to popular hacking forums and the public.
They are offering the data for sale for a total of $4,000 in Monero or Bitcoin. From some samples of the data, the leaked details include both emails and hashed passwords
However, the algorithm for the hashed password is not known, so no one is sure whether it can be changed to a clear text format. It’s only when the hashed passwords are cracked before they would be valuable to those who are offering to buy them.
Data has been revealed in full
Just like other previously leaked databases by the ShinyHunters hackers, the stolen Mathway data is gradually entering the public domain after it was first released in the private circles.
This week, the hackers sent some copies of the leaked data to the “data brokers” section of Telegram channels. These data brokers are specialized in buying and selling hacked data.
However, the hackers did not include any further details apart from hashed passwords and email details of the leaked data. Most of the details belong to children, which may not be taken likely by their parents.
Mathway says an investigation into the breach is ongoing
When the company was reached to comment on the situation, one of the company’s spokesperson admitted to the breach and promised to inform all affected users whose accounts were involved in the breach.
The spokesperson said Mathway takes its customers’ trust very seriously, particularly in the area of their data.
He said the company is serious about protecting their customers’ data and wants to do everything right. He admitted that the company discovered this breach recently and that the hackers have acquired the account details of its users, including their salted and hashed passwords.
The company said it has already engaged the services of professional security outfits to investigate the situation. It will look into any more vulnerability and find remedies to the incident.
As a result, the company has started informing the affected customers and may require a password reset for all accounts in order to mitigate the impact of the breach.
Presently, Mathway is one of the oldest and most popular math solving apps, with the app running since the late 2000s.
Being a math solving app, it’s more popular with children and students, as it helps users solve both basic and advanced math problems.
Mathway is presently available in iOS and Android versions, as well as a web service. The company is one of many other companies targeted by the ShinyHunters hackers this year alone.