Mathway Data Leak – Experts Commentary

By Muhammad Malik
Chief Editor, Information Security Buzz | May 25, 2020 01:23 am PST

A hacker has breached Mathway, a popular math-solving application, and stolen more than 25 million emails and passwords. The hack is the latest in a long line of security breaches carried out by a hacker going by the name of ShinyHunters, the threat actor also responsible for intrusions at Tokopedia, Wishbone, Zoosk, and others. Only emails and hashed passwords are included in this leak, but many of these most likely belong to children.

Scott Gordon, CMO
May 25, 2020 9:28 am

The education sector is particularly vulnerable during social distancing since they need to adjust operations for millions of students and faculty throughout the United States that have been impacted by COVID-19. The edtech digital marketplace is being targeted for cyberattacks and should consider more progressive security controls as institutions, parents and students seek additional online options to facilitate e-learning. Popular learning apps are often fertile ground for hackers – the ShinyHunters breach of Mathway is a prime example. As the breach exposed 25 million emails and passwords, there is the likelihood that some identity theft will go beyond consumer impact and actually expose organizations. As edtech digital suppliers rapidly expand their user base, they must improve their security posture and enhance Zero Trust access policies, such as multi-factor authentication and encrypted communications, to reduce cyber risks, adhere to data protection obligations, and ultimately ensure the safety of their users – particularly minors.

Robert Prigge
May 25, 2020 9:25 am

The exposure of 25 million Mathway usernames and passwords now for sale on the dark web gives fraudsters access to far more than a learning app. As consumers frequently use the same username and passwords across accounts, cybercriminals can easily use these credentials to access other user accounts including social media, banking and even insurance. Once logged in, fraudsters can change passwords to lock the legitimate user out, transfer funds and even obtain insurance benefits. Parents and students are increasingly turning to e-learning apps as students are forced to work remotely due to the pandemic, making online educational resources a desired avenue for fraud. It’s time organizations stop relying on usernames and passwords to keep user accounts secure. Biometric authentication (leveraging a person’s unique human traits to verify identity) ensures only the true user can access their account.
