SECURITY
SECURITY
SECURITY
25M customer records stolen from math calculator provider Mathway
Some 25 million records belonging to users of the popular math calculator Mathway LLC have been found for sale on the dark web, a shady corner of the internet reachable with special software.
First discovered by security researchers at Cyble Inc., the stolen data is being sold by Shiny Hunters. That’s the same hacking group behind the theft of data from meal kit delivery service Home Chef and Indonesian e-commerce site PT Tokopedia.
The stolen customer records, which include email addresses and passwords, are being offered for sale for $4,000 by payment of either bitcoin or Monero.
In an interview Friday with ZDNet, a spokesperson for the hacking group said the theft of the data took place in January and involved accessing the company’s backend systems, dumping the database and then removing access to avoid being detected.
Mathway confirmed the hack in a statement, saying it has retained “a leading data security firm to investigate, address any vulnerabilities and remediate the incident.” The company added that it’s “notifying all potentially impacted customers and are requiring password resets for all accounts. We regret any inconvenience this may cause our customers.”
“The exposure of 25 million Mathway usernames and passwords now for sale on the dark web gives fraudsters access to far more than a learning app,” Robert Prigge, chief executive officer of identity verification solutions firm Jumio Corp., told SiliconANGLE. “As consumers frequently use the same username and passwords across accounts, cybercriminals can easily use these credentials to access other user accounts including social media, banking and even insurance. Once logged in, fraudsters can change passwords to lock the legitimate user out, transfer funds and even obtain insurance benefits.”
Prigge noted that parents and students are increasingly turning to e-learning apps as students are forced to work remotely because of the pandemic, making online educational resources an avenue for fraud. “It’s time organizations stop relying on usernames and passwords to keep user accounts secure,” he said. “Biometric authentication — leveraging a person’s unique human traits to verify identity — ensures only the true user can access their account.”
Image: Mathway
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
