Show vulnerabilities with patch / with exploit
26 May 2020

25 million Mathway user records leak online


25 million Mathway user records leak online

A data brocker going by the name of ShinyHunters, is selling on the dark web marketplace a database that allegedly contains 25 million user records for Mathway, a popular free calculator app that provides users with the tools they need to understand and solve their math problems. The Mathway app has over 10 million installs on Android Play Store and the Apple Store.

Since the start of this month, ShinyHunters has been offering access to databases containing millions user records obtained from hacks of various companies, including Tokopedia, Wishbone, and the Microsoft’s GitHub account.

ShinyHunters told ZDNet that the Mathway hack took place in January 2020. The hacker has not disclosed the details of the breach, only saying that “they accessed the company's backend, dumped the database, and then removed access to avoid getting detected.”

The Mathway data, which included user emails and hashed passwords, was being sold for the equivalent of $4,000 in Bitcoin or Monero. Later, according to ZDNet, the copy of the Mathway database appeared on Telegram channels dedicated to "data brokers," a category of the cyber criminals that specialize in buying and reselling hacked data.

Mathway said in a statement that it is aware of reports of a potential data compromise and that it is investigating the issue.

Back to the list

Latest Posts

Weekly security roundup: July 13, 2020

Weekly security roundup: July 13, 2020

A short overview of last week's top stories in the world of cyber security.
13 July 2020
Hackers are attempting to exploit recent Citrix vulnerabilities

Hackers are attempting to exploit recent Citrix vulnerabilities

Citrix downplayed the impact of the vulnerabilities and said they are less likely to be exploited compared to CVE-2019-19781.
13 July 2020
Zoom patches critical bug affecting Zoom client for Windows

Zoom patches critical bug affecting Zoom client for Windows

The company has also released a planned update for Phone and Web users, which brings AES-256 bit encryption.
13 July 2020