Android Store Hacked; Up to 40M Accounts Leaked
A third-party Android app store has been hit by a big data breach. Aptoide users who registered between 21 July 2016 and 28 January 2018 may be affected.
Aptoide works in the same way as Google's own Play app store, but isn't subject to its content regulations or security vetting. As with all third-party stores, users must confirm they accept security risks when installing apps from it.
A hacker has published data from 20 million users and claims to have details of another 19 million users altogether. That's a big chunk of the 150 million people Aptoide claims have used its service at some point. (Source: zdnet.com)
Passwords At Risk
The data includes email addresses, dates of birth, the user's real name (where provided) and details of when they signed up, what device they used, and the IP address from which they signed up. That could raise the risk of identity theft as well as being valuable to spammers who are always looking out for lists of real email addresses. Not every user's record contained every type of data.
More sensitive data such as physical addresses and card information wasn't part of the database, meaning it hasn't been exposed.
The published data does also include some account passwords, stored as hashes rather than in plain text. A hash is a one-way transformation, not encryption: it can't simply be reversed, so anyone wanting to recover the passwords has to guess candidates and hash each one, which would likely take a combination of time and serious computing power.
However, it doesn't appear the passwords were salted, a secondary step that mixes random data into each password before it is hashed. Without salting, identical passwords produce identical hashes, so there's a much greater chance that automated tools would succeed in recovering the passwords.
Reused Passwords a Major Threat
The big danger isn't so much that a hacker could then access a user's Aptoide account. Instead, they could try the combination of the email address and recovered password on other services that could allow access to confidential data.
If the hackers were able to access social media accounts, they could also sell the details to people who want to use them for purposes such as posting and sharing spam, dubious links or misinformation.
Yet another possibility is that the database of user names, email addresses, and passwords would be sold to spammers, who in turn mass email millions of users claiming to have hacked their PCs and phones (with proof of a real password used in the breached database). Scammers then claim to have spied on the user self-pleasuring to people in the buff using their own webcam, then demand $2000 worth of bitcoin to keep things quiet - otherwise they will send explicit videos to friends and family. This is otherwise known as the Webcam Bitcoin Blackmail Scam.
Aptoide says it is investigating the breach and will take any necessary action to correct it. For the time being it has put a hold on new registrations. (Source: aptoide.com)
What's Your Opinion?
Have you ever used a third-party app store? Do you trust such services less than the official stores of firms like Apple and Google? Do you use separate passwords for every site?
Comments
Buzz's law
Software security is an Oxymoron like Giant Shrimp.
You need to assume that you will be hacked.
So, first of all,
you never use your real name,
second
you never use your real phone number
third
YOU NEVER PUT YOUR REAL ADDRESS ONLINE!!!!!!!!!!!!!!!!
People have died because of violating this rule. !!!!!
Be sneaky!
Have several different email addresses.
Don't use the one you use for anything having to do with money for anything else.
If you have more than one computer
use only one of them for anything having to do with money and not anything else.
Security questions
Most of your personal data can be found on the internet so,
misspell it!
Hackers are looking for the correct answer, they will never figure this out.
In closing I would just like to tell you
THERE ARE NOT ANY PILLS THAT WILL MAKE YOUR DICK BIGGER!
THERE IS NOT A NIGERIAN KING THAT WILL REWARD YOU HANDSOMELY IN THE FUTURE
IF YOU JUST SEND HIM SOME MONEY NOW!
Don't be stupid
view anything on the internet with a great deal of skepticism!!!!!!!