Wappalyzer Admitted Security Breach After Hacker Sent Emails to Users

The technology firm Wappalyzer has recently admitted to a security breach affecting its customers. The admission, however, came only after the attacker acquired their data and began sending emails to Wappalyzer users.

Hacker Offered To Sell Data To Wappalyzer Users

Reportedly, a criminal managed to break into Wappalyzer systems to access their database. Following the security breach, the perpetrator began sending emails to Wappalyzer users.

The users found out about the breach when they received emails purportedly from the hacker. Through those emails, the hacker, using the alias CyberMath, not only claimed to have hacked Wappalyzer but also offered to sell the data. As mentioned in the attacker’s message,

If you receive this email it’s because we get the full database of Wappalyzer, and your email is on the database. I’m selling the full .sql for 2000$ in Bitcoin.

To add weight to his claim, the attacker also attached screenshots of the stolen data to his message.

Below is a copy of the email shared by one of the users.

After the breach, some users also received another message offering to sell the breached Wappalyzer data.

Wappalyzer Admitted The Breach

After the users received emails allegedly from the attacker, Wappalyzer looked into the matter.

Later on, they confirmed the breach via a separate security notice to users. According to the notice, their database fell into the hands of the attacker due to a misconfiguration. The incident happened in January 2020, after which they quickly rectified the matter.

For now, they confirm that the breach did not affect any passwords or financial data. Yet, it may have included users’ email addresses, as well as the billing addresses of users who placed an order before the date of the incident (January 20, 2020).

However, they do not require any action from users for now. They also advise everyone not to attempt to buy the offered data, since it would be useless. As Elbert Alias, founder of Wappalyzer, told ZDNet,

We’ve advised our users against attempting to purchase data from a criminal for Bitcoin, as they may well get nothing in return. The stolen data is already outdated. Our datasets are updated continuously and never contain data more than three months old.

The incident may have exposed the email addresses of around 16,000 customers, with billing addresses exposed for a much smaller number of users.

Below is the full email Wappalyzer sent to its users.
