Dubsmash data breach compromised 162 million accounts. The leaked data included emails, locations, passwords, and phone numbers.
How did it happen? And how can you check if your account was compromised, too?
The breach
In December 2018, the data from 16 hacked websites are posted on sale on the dark web. These data include 617 million stolen online account details.
The leaked information is listed on a dark web marketplace. It is called the Dream Market.
Also, this market listed illegal products, too. It includes drugs, weapons, and more.
The breached data came from the following 16 hacked websites:
- Dubsmash (162 million)
- MyFitnessPal (151 million)
- MyHeritage (92 million)
- ShareThis (41 million)
- HauteLook (28 million)
- Animoto (25 million)
- EyeEm (22 million)
- 8fit (20 million)
- Whitepages (18 million)
- Fotolog (16 million)
- 500px (15 million)
- Armor Games (11 million)
- BookMate (8 million)
- CoffeeMeetsBagel (6 million)
- Artsy (1 million)
- DataCamp (700,000)
However, not all of them confirmed the breach. Some are not aware. Others just chose not to reveal it.
A data breach means stolen personal information from accounts. Usually, it is because the website’s security is weak. Sometimes, it can also happen in an accident.
Cyber experts said that this makes users wary about security. They will be more careful in posting information online.
Dubsmash Data Breach: The Biggest Victim
Dubsmash is a popular app. It is similar to Tiktok. Also, it has over 100 million installations in Google Playstore.
As we can see, Dubsmash data breach is the biggest victim. The exact amount of leaked accounts is 161,749,950. And it is posted for sale for only 0.549 BTC or $1,976.
Moreover, it leaked a total of 11GB of data. It includes:
- User ID
- Hashed passwords
- Usernames
- Email Address
- Country
- Geolocation
- Some first and last names
According to the original report, not all countries are hit by this breach. The countries affected were found in Europe. Some are also located in China and Malaysia.
What You Can Do
There are websites you can visit to check if your data is breached. It includes the popular Have I Been Pwned. You can enter your email and check if you are part of the breach.
Moreover, you can get identity protection services. It will alert you if there are suspicious activities in your account.
Additionally, the data management advised changing your passwords immediately. Not only are the accounts affected, but all of your social and email accounts.
Besides, hackers sell the information to other hackers, too. They will use credential stuffing. It’s about trying usernames and passwords combo. Then, they can unlock an account.
Furthermore, you should update other accounts using the same password in Dubsmash.
Also, you can prevent breaches by using a password manager. Do not use the same password for all your accounts. Otherwise, when they hack one, they can hack the other.
Another tip is to apply two-factor authentication. It will make it difficult for hackers to access your account.
Likewise, you should also avoid sharing your phone number. If possible, do not use your number when signing up. If it’s not required, do not show your number.