It seems that all we see in the headlines today is information about the coronavirus. It’s no surprise that other events are slipping through the cracks. One such event is the data breach that occurred at Mathway back in January 2020, which hit some of the headlines this May. Mathway is one of the top-rated educational apps on the Apple and Google Play Store. During my time at college, I’ve seen others use it and have used this app myself. It’s no surprise another data breach is impacting users from all backgrounds. Let’s move into some of the details of this breach.
Data Breach Details
Initially, there were only rumors of Mathway databases being sold on private sites on the dark web. These reports were confirmed when a posting of 25 million user records appeared on a more “mainstream” hacking forum on the dark web. The posting listed the 25.8 million accounts for $4,000, payable in Bitcoin (BTC). The hacker group responsible for the Mathway breach, Shiny Hunters, is also responsible for other recent data breaches (Microsoft GitHub Hacking). So, what did the hacking group get?
This data breach revealed plaintext emails and hashed and salted passwords. If there is a good side to this data breach, it’s that Mathway was hashing and salting passwords, and not storing them in plaintext. It is currently unclear what hashing algorithm Mathway is using; however, Mathway says that “they’re committed to doing what is right for our customers.” With that said, what makes this breach different from others?
Let’s analyze the users of Mathway. When I think of this app, my mind instantly goes to students. These students can range from middle school to college, and I’m sure even some individuals out of school are using this app. Primarily, students fall under the age category of teenagers and young adults, with the occasional adult. This statement is not to say other parties were not affected by this breach. I’m sure individuals that are not students have used this software as well. To find out if you were affected by this data breach, visit Have I Been Pwned? If you’re on there, what are your next steps?
The first thing you should do if you find out you’re affected by this breach is to change your password on Mathway. If you reuse the same password across multiple sites, you should change those passwords as well. Yes, the revealed passwords are hashed and salted. However, there is still a possibility that the hacker group has more information, or that the hashing algorithm is weak. Being safe rather than sorry is a worthwhile investment in this case. If you are one to reuse passwords, use this as your ‘get out of jail free’ card while you still have time to change your password.