Exploit: Unauthorized database access
Aptoide: Alternative Android App Store
Risk to Small Business: 1.637 = Severe
Hackers posted a trove of user data on a Dark Web hacking forum, forcing Antoide to temporarily disable new account registrations, logins, reviews, and comments. It’s unclear if those responsible are seeking a ransom payment, but the cache of 20 million accounts is part of a larger, 34 million account collection that hackers have yet to release. This breach is particularly problematic for the alternative app store because the service has lauded itself as a more secure and credible alternative to the more popular Google Play store.
Individual Risk: 2.217 = Severe
According to Aptoide, the breach affects users who registered for an account between July 21, 2016, and January 28, 2018. The compromised information includes names, email addresses, hashed passwords, registration dates, IP addresses, device details, and dates of birth. Those impacted by the breach should immediately update their account passwords and enroll in credit and identity monitoring services to ensure that this information isn’t being misused.
Customers Impacted: 20,000,000
How it Could Affect Your Customers’ Business: This incident is a damaging blow to Aptoide’s reputation. Notably, the breach resulted from a third-party data center, serving as a reminder to all companies that, even when they do everything right to protect customer information, third-party data breaches can still compromise this highly-valued data. Therefore, companies committed to data security need to put the right measures in place to ensure that accounts remain secure, even when third-parties are compromised.