Tech company Wappalyzer revealed a security incident after a hacker emailed its customers and offered to sell Wappalyzer’s database for $2,000.
The hacker, who goes by the name CyberMath, emailed Wappalyzer customers claiming to hold the full Wappalyzer database and telling recipients that they had received the message because their email address is listed in it. He offered to sell the database for $2,000 in Bitcoin and shared screenshots of the stolen database files.
Wappalyzer sent data breach notification emails to its customers after learning of the hacker's emails.
The company confirmed the incident and said the hack took place on January 20 when an intruder accessed one of its databases, which was left exposed online due to a misconfiguration.
Although the company admitted the breach, it downplayed its severity, stating that the data does not include personal information. It asked customers to mark the hacker's email as spam and not to reply to it or click any links in it.
According to Elbert Alias, founder of Wappalyzer, the stolen database contained “technographic data.”
Wappalyzer started as a Firefox add-on in 2008. It lets users scan websites and receive a report on the technology stack (server type, CMS, JS libraries, etc.) each site is using. Users can look up one website at a time or multiple websites in bulk, or they can buy statistical data on the most common web technologies used today.
Technographic data is the data the company collects about all the scanned websites, which it then sells through the Datasets section of its official website.
The hacker stole this data from a database that powered the company's old website. The company said that its new website went live two weeks ago and that the breached legacy database is no longer in use.
Most of the stolen data consisted of stats about websites and their underlying technologies. However, some user information was also included: the database contained the email addresses of anyone who had requested a quote for a dataset and the billing addresses of anyone who had placed an order.
It is estimated that emails for up to 16,000 Wappalyzer customers were affected in the incident, but the number of billing addresses is lower, as not all customers who requested a price quote placed an order.
Alias said the company has advised its users not to buy any data from a criminal for Bitcoin, as it might not contain anything of much use.