User data privacy is one of the most difficult things to protect, proven yet again with a major data breach that sees details of 20 million users of Aptoide, a renowned third-party Android app store, leaked. This is only a part of the data of 39 million users that a hacker has alleged access to. Aptoide touts a userbase of 150 million users. Leaked customer records have data of ‘personally identifiable information’ which includes email address, real name, hashed password, user sign-up date, IP address, device details and even the date of birth of users who had provided the same.
According to information obtained by ZDNet with assistance from Under the Breach; data of 20 million Aptoide users was published on a well-known hacking forum. According to the website – ‘the leaked data was uploaded as a PostgreSQL export file.’ Reportedly, the data relates to users who had signed up on the app store between July 21, 2016 and January 28, 2018.
Even though the date range suggests it is old data, the information was published just recently, which is concerning to users who should consider changing the password as a precautionary measure. 20 million users may sound a small number compared to Aptoide’s claimed 150 million userbase but it is nonetheless concerning, even more so when you realize that the hacker has access to another 19 million users.
The data breach was confirmed by Aptoide through a blog post stating “the Aptoide database may have been a victim of a hacking attack and a possible database breach.” All new signups have been closed as a precautionary measure until a full audit is conducted. Though the blog confirms all user passwords were protected, it may require users to reset passwords as a security measure in the coming days.
This serves as a soft reminder for users to prefer downloading apps through the official Google Play Store only. But there is no denying the fact that the abundance of options to download apps through renowned third-party app stores is probably the biggest strength of Android.