Mathway was breached by a hacker and over 25 million emails and passwords were stolen and exposed online. Mathway is one of the most popular math solving applications on the market and has been widely used across the world since later 2000.
This hack is one among the various security breaches performed by a hacker called ShinyHunters. He is also responsible for intrusions at Tokopedia, Wishbone, Zoosk, and others.
The hacker has been breaching companies and putting their data on sale on a dark web marketplace and internet hacking forums for the past few months. It is believed that the hacker has sold more than 200 million user details in total.
Even though more details about the intrusion is not available, the ShinyHunters confirmed that the hack took place in January 2020. They managed to access the backend of the company, dumped the database, and then removed access to avoid being detected.
The Mathway data was available for sale on the dark web since the beginning of this month, and later also began selling it on a public and popular hacking forum.
The data was put up for sale at the price of $4,000 in Bitcoin or Monero. The leaked data includes user emails and hashed passwords. Since the password hashing algorithm is not known, it is not clear whether these passwords could be cracked and converted back to their cleartext forms.
Similar to all the earlier databases that ShinyHunters was selling, the Mathway data is moving from private circles into the public domain.
A copy of the Mathway database was being shared on Telegram channels this week which belonged to “data brokers,” a category of the cybercrime underworld specialized in buying and trading hacked data.
According to a spokesperson at Mathway, they have discovered the breach recently and immediately employed a leading data security firm to investigate, address any vulnerabilities and rectify the incident. He added that they take the customer’s trust seriously and are committed to doing what is right for their customers.
They have also started notifying the impacted customers and recommend the users to reset the password for all accounts.
The app which is available in both Android and iOS is very popular with students providing help with learning basic and advanced math problems.