While claims the data was obtained from an earlier breach of Aptoide, there’s no report from the AppStore to date. The data leaked is still available and has details of users’ email addresses, hashed passwords, real names, IP addresses, and device info.
20 Million Out of 39 Million in Total!
Aptoide isn’t as extensive as Google’s Playstore but has a reasonable number of apps for Android users. This reasonably popular AppStore claims to have over 150 million users and has simple UI and navigation features. In 2018, Aptoide blamed Google for secretly uninstalling its AppStore from users’ phones using its Playprotect, without informing users. This caused the Aptoide to lose about 2.2 million users in two months. According to ZDNet, a hacker has leaked over 20 million records of Aptoide’s users’ in a public hacking forum and claims to have over 39 million user records in total. The records contained details about users’ real names, their email addresses, hashed passwords, device details, sign-up date, and IP address and their date of birth if provided. Further, technical information like developer and sing-up tokens, account status, and account’s nature of being a super admin’s or referral origin. The database is in the form of a PostgreSQL export file and is still available for download. This is concerning, as the information leaked was personally identifiable. Though the passwords are hashed, they can be de-hashed by breaking the encryption protocol somehow. Further, the information leaked is related to the users who registered or used the AppStore between July 2016 and July 2018. Via: ZDNet
