Aptoide, a third-party app store for Android applications, recently admitted that one of its databases may have been a victim of a cyberattack and suffered a possible data breach. In an official statement, Aptoide stated that login emails and hashed passwords were leaked in the attack, however, no personal data was compromised. “Aptoide users were never requested for physical addresses, credit card information, telephone numbers, or other personal data.” Aptoide said in a statement.
Aptoide assured that all its user passwords were encrypted. The company is evaluating the attack and has halted the sign-up option temporarily until a full audit is conducted. Aptoide also urged its users to change their credentials as a security measure.
Leaked Data Published on Hacker Forum
The Have I Been Pwned? website added Aptoide’s data breach entry stating that the app store had suffered a data breach exposing 20 million customer records in a hacker forum. It is said that data breach occurred on April 13, 2020, and published the precise number of compromised accounts as 20,012,235. Have I Been Pwned? is a website that allows internet users to check whether their personal data has been compromised by data breaches.
“In April 2020, the independent Android app store Aptoide suffered a data breach. The incident resulted in the exposure of 20M customer records which were subsequently shared online via a popular hacking forum. Impacted data included email and IP addresses, names, IP addresses and passwords stored as SHA-1 hashes without a salt,” the website said in a post.