Hacker Leaked 20 Million Records Of Aptoide App Store Users On Hacking Forum

Third-party Android application store Aptoide now seems to be in hot water. A hacker has recently leaked 20 million records of Aptoide App Store users on a hacking forum. The hacker further claims to have more data in their possession.

Aptoide App Store Users Records Leaked

Reportedly, a hacker has disclosed a breach of the Aptoide database by sharing its users’ data online.

According to a ZDNet report, the hacker leaked 20 million records of Aptoide app store users on a hacking platform.

A closer look at the data, in collaboration with breach monitoring service ‘Under The Breach’, revealed that the leaked data includes details of users who registered or used the app store between July 21, 2016, and January 28, 2018.

The leaked records include personal and account details of the users, such as email addresses, hashed passwords, sign-up date and IP address, users’ names and birth dates, and device information. They also include technical information such as sign-up tokens, account status, developer tokens, and referral origin.

Other than the 20 million leaked records, the hacker claims to have more records in hand, for a total of 39 million records in their possession.

Aptoide Confirms The Data Breach

Following the report, Aptoide has responded to the hacking attack in a recent blog post. As stated,

It has come to our knowledge that the Aptoide database may have been a victim of a hacking attack and a possible database breach.
Our team is evaluating the threat and, if confirmed, taking measures to correct it.

As they investigate the matter, they have stopped further sign-ups on the app store.

We closed the sign up at the Aptoide site until a full audit is conducted, and we have further information.

However, users’ comments on the post show that Aptoide has tried to downplay the incident. This is particularly evident from the fact that it assured users that passwords were secure, whereas Troy Hunt’s Have I Been Pwned information states that the passwords were SHA-1 hashed without a salt.
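Why the unsalted SHA-1 detail matters, as an added example (not Aptoide's code and not part of the original article): without a salt, every account with the same password stores the same value, while a salted, slow hash removes that link and can be rolled out as users log in. The function names, the `pbkdf2$` record format and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example; tune per deployment


def legacy_sha1(password):
    """Unsalted SHA-1: equal passwords always give equal stored values."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_hash(password, salt=b""):
    """PBKDF2-HMAC-SHA256 with a per-user random salt: 'pbkdf2$<salt>$<digest>'."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2${salt.hex()}${digest.hex()}"


def verify_and_upgrade(password, stored):
    """Check a login; return (ok, value to store afterwards)."""
    if stored.startswith("pbkdf2$"):
        salt_hex = stored.split("$")[1]
        candidate = salted_hash(password, bytes.fromhex(salt_hex))
        return hmac.compare_digest(candidate, stored), stored
    # Legacy record: re-store it salted on the first successful login.
    if hmac.compare_digest(legacy_sha1(password), stored):
        return True, salted_hash(password)
    return False, stored


def shared_hashes(table):
    """Audit helper: list stored values that more than one account shares."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return {h: users for h, users in groups.items() if len(users) > 1}


if __name__ == "__main__":
    # Constructed sample accounts; not data from the breach.
    table = {u: legacy_sha1(p) for u, p in
             [("alice", "correct horse"), ("bob", "correct horse"), ("carol", "other pass")]}
    print("accounts sharing a hash:", list(shared_hashes(table).values()))
    for user in table:
        pw = "other pass" if user == "carol" else "correct horse"
        table[user] = verify_and_upgrade(pw, table[user])[1]
    print("after upgrade:", list(shared_hashes(table).values()))
```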

Let’s wait to see how things unfold in the coming days as more details emerge. Meanwhile, all Aptoide users must change their passwords as a precaution. The wiser course, though, is to abandon such third-party app stores entirely and stick to official app stores only.
