Hackers accessed personal data from more than 160 million users
According to network security and ethical hacking experts from the International Institute of Cyber Security, Dubsmash, the popular video app, suffered a data breach at the end of 2018. It is estimated that the incident affected about 162 million users, exposing information such as:
- User full names
- Phone Numbers
- Location data
Recently, the compromised information was found for sale on some hacker forums on dark web. The app has more than 100 million downloads only in Google Play Store.
The information has been published on the Have I Been Pwned platform, which records known data breaches and allows users to check if their email credentials have been compromised in any of these incidents. According to this website, the data breach notification at Dubsmash was published on February 25, 2019, specifying that 161,749,950 Dubsmash accounts worldwide were affected.
Although, according to network security specialists, Dubsmash should notify affected users, the company has not made any actions to meet this requirement. However, not everything is bad news, users concerned about the state of their personal information can go to the Have I Been Pwned (haveibeenpwned.com) website, enter their email id and the platform will verify if their account has been Involved in some data breach incident.
Fortunately there are other similar platforms that host huge databases on security incidents where users can verify if their information has been compromised. As an additional measure, network security specialists recommend identity Protection Services, which monitor the network for suspicious activity carried out with the accounts of the affected user.
The information extracted from Dubsmash is offered for sale on dark web along with another 500 million of accounts stolen from sites such as CoffeeMeetsBagel, MyHeritage, MyFitnessPal, among others. Apparently, the entire database is offered at about $20k USD, paid through cryptocurrency transactions.