25M customer records stolen from math calculator provider Mathway
Some 25 million records belonging to users of the popular math calculator Mathway LLC have been found for sale on the dark web, a shady corner of the internet reachable with special software.
First discovered by security researchers at Cyble Inc., the stolen data is being sold by Shiny Hunters. That’s the same hacking group behind the theft of data from meal kit delivery service Home Chef and Indonesian e-commerce site PT Tokopedia.
The stolen customer records, which include email addresses and passwords, are being offered for sale for $4,000 by payment of either bitcoin or Monero.
In an interview Friday with ZDNet, a spokesperson for the hacking group said the theft of the data took place in January and involved accessing the company’s backend systems, dumping the database and then removing access to avoid being detected.
Mathway confirmed the hack in a statement, saying it has retained “a leading data security firm to investigate, address any vulnerabilities and remediate the incident.” The company added that it’s “notifying all potentially impacted customers and are requiring password resets for all accounts. We regret any inconvenience this may cause our customers.”
“The exposure of 25 million Mathway usernames and passwords now for sale on the dark web gives fraudsters access to far more than a learning app,” Robert Prigge, chief executive officer of identity verification solutions firm Jumio Corp., told SiliconANGLE. “As consumers frequently use the same username and passwords across accounts, cybercriminals can easily use these credentials to access other user accounts including social media, banking and even insurance. Once logged in, fraudsters can change passwords to lock the legitimate user out, transfer funds and even obtain insurance benefits.”
Prigge noted that parents and students are increasingly turning to e-learning apps as students are forced to work remotely because of the pandemic, making online educational resources an avenue for fraud. “It’s time organizations stop relying on usernames and passwords to keep user accounts secure,” he said. “Biometric authentication — leveraging a person’s unique human traits to verify identity — ensures only the true user can access their account.”
Image: Mathway
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU