Mathway, a popular app to assist students with math, suffered a massive data breach. More than 25 million user records have potentially been sold on the dark web by hackers known as the ShinyHunters.
According to an interview with ZDNet, the hacker claims to have breached the app in January 2020 but began selling data in May 2020. The data has been up for sale for the equivalent of 4 thousand dollars on the dark web. This data included the users’ emails, hashed passwords that may have been cracked, and back-end system data. The creators of Mathway have now alerted users that may have been affected by the breach to change their passwords.
As a college student, I have been using Mathway for a couple of years now to assist me with some complex math problems. Mathway allows you to create an account with them and if you are someone who constantly uses the app like me, you have a choice to purchase a subscription with them. This subscription assists you even more than the free version but charges you up to twenty dollars a month which obtains all of your credit card information when doing so.
On May 29, 2020, I was notified that my account with Mathway may have been affected by this data breach. I was informed that I should immediately change my password in the app in case any of my data was stolen. While doing so, I realized that I use the same exact passwords for many different sites and apps such as Facebook, emails, Instagram, and many others. Because of this, if my passwords were actually stolen, hackers would easily be able to gain access to multiple different accounts of mine.
Lesson 1: Always use unique passwords. It is very important to have completely different passwords for different accounts in situations like these which can leave your data in a vulnerable position.
After working at a SecureCircle for about 6 months, I learned why these data breaches should never occur in the first place. SecureCircle’s Data Access Security Broker (DASB) moves access control policies from the storage system of the data to the data itself. Transforming data protection from device-centric to data-centric. This access control works with local and remote storage systems and cloud file systems without requiring a change to applications.
Lesson 2: With SecureCircle, Mathway could have protected its users’ data wherever and whenever it was moved.
Data breaches like these could easily be avoided with trustworthy data securities like SecureCircle. It is very common for these hackers to target many popular apps such as Mathway because of how many people use the exact same logins for other websites.