UPDATED 21:46 EDT / MAY 24 2020

mathway SECURITY

25M customer records stolen from math calculator provider Mathway

Some 25 million records belonging to users of the popular math calculator Mathway LLC have been found for sale on the dark web, a shady corner of the internet reachable with special software.

First discovered by security researchers at Cyble Inc., the stolen data is being sold by Shiny Hunters. That’s the same hacking group behind the theft of data from meal kit delivery service Home Chef and Indonesian e-commerce site PT Tokopedia.

The stolen customer records, which include email addresses and passwords, are being offered for sale for $4,000 by payment of either bitcoin or Monero.

In an interview Friday with ZDNet, a spokesperson for the hacking group said the theft of the data took place in January and involved accessing the company’s backend systems, dumping the database and then removing access to avoid being detected.

Mathway confirmed the hack in a statement, saying it has retained “a leading data security firm to investigate, address any vulnerabilities and remediate the incident.” The company added that it’s “notifying all potentially impacted customers and are requiring password resets for all accounts. We regret any inconvenience this may cause our customers.”

“The exposure of 25 million Mathway usernames and passwords now for sale on the dark web gives fraudsters access to far more than a learning app,” Robert Prigge, chief executive officer of identity verification solutions firm Jumio Corp., told SiliconANGLE. “As consumers frequently use the same username and passwords across accounts, cybercriminals can easily use these credentials to access other user accounts including social media, banking and even insurance. Once logged in, fraudsters can change passwords to lock the legitimate user out, transfer funds and even obtain insurance benefits.”

Prigge noted that parents and students are increasingly turning to e-learning apps as students are forced to work remotely because of the pandemic, making online educational resources an avenue for fraud. “It’s time organizations stop relying on usernames and passwords to keep user accounts secure,” he said. “Biometric authentication — leveraging a person’s unique human traits to verify identity — ensures only the true user can access their account.”

Image: Mathway

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.