Details Of 20 Million Aptoide App Store Users Leaked On Hacking Forum – Expert Insight

News broke over the weekend, detailing that the stolen records of 20 million users of a popular Android app store have been published online by a hacker who claims to have 19 million more. The data includes “personal identifiable information” including the user’s email address, real name, sign-up data and IP address, device details, and even a date of birth for millions of users. It also includes hashed passwords and some technical information.

Subscribe
Notify of
guest

1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Sam Curry
Sam Curry , Chief Security Officer
InfoSec Expert
April 21, 2020 12:18 pm

It all comes down to trust in the end, and most of these stores are asking for too much trust up front while delivering too little basis for that trust. The advantage to some degree in the Android ecosystem is that you can choose a different store or set of stores, which let’s marketplaces that focus on privacy and security features and value differentiate from one another. The unfortunate thing is that none seem to be doing it at this point – none are planting the security and privacy flags firmly and with investment. In reality, nothing is wholly secure because it is always an adaptive race against intelligent opponents, but which vendors’ products and services you buy into from mobile phone to home/work computing and from home automation to social media should be acknowledged to be a tacit trust moment as you effectively link your online identity, personas, privacy, security and to some degree safety with one vendor ecosystem or another.

Moving forward, make sure you choose wisely and look to be able to vote with your feet. And if you’re a vendor: now is the time. Try it. Make the effort to lean in and to get good at vetting products more continuously, updating applications, protecting users, limiting damage when it occurs, being resilient and bouncing back, being transparent and generally becoming a security and privacy advocate rather than an apologist. You don’t have to be perfect. You just have to begin.

Last edited 2 years ago by Sam Curry
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x