A data brocker going by the name of ShinyHunters, is selling on the dark web marketplace a database that allegedly contains 25 million user records for Mathway, a popular free calculator app that provides users with the tools they need to understand and solve their math problems. The Mathway app has over 10 million installs on Android Play Store and the Apple Store.
Since the start of this month, ShinyHunters has been offering access to databases containing millions user records obtained from hacks of various companies, including Tokopedia, Wishbone, and the Microsoft’s GitHub account.
ShinyHunters told ZDNet that the Mathway hack took place in January 2020. The hacker has not disclosed the details of the breach, only saying that “they accessed the company's backend, dumped the database, and then removed access to avoid getting detected.”
The Mathway data, which included user emails and hashed passwords, was being sold for the equivalent of $4,000 in Bitcoin or Monero. Later, according to ZDNet, the copy of the Mathway database appeared on Telegram channels dedicated to "data brokers," a category of the cyber criminals that specialize in buying and reselling hacked data.
Mathway said in a statement that it is aware of reports of a potential data compromise and that it is investigating the issue.