The “Aptoide” Android App Store Leaked Details of 20 Million Users

  • Users of the Aptoide Android app store have had their PII and technical information exposed.
  • The data was bundled in a database file and is being shared on a well-known hacking forum.
  • Aptoide has a unique approach to app management, but this security incident will have an adverse effect on its usage rates.

A new data dump has been uploaded to a hacking forum, apparently containing the details of 20 million users of the Aptoide Android app store. The data was obtained and analyzed by the dark web leak monitoring platform “Under the Breach”, which also shared a copy with ZDNet. By analyzing the entries, the researchers determined that the data dump concerns Aptoide user registrations that took place between July 21, 2016, and January 28, 2018.

The hacker claims to be in possession of another 19 million records that are to be published in the future. As the hack is claimed to have happened earlier this month, the second batch may concern user registrations between 2018 and today. If that is the case, the second batch may be sold instead of openly shared with everyone. The first batch includes full names, usernames, email addresses, hashed passwords, dates of registration, sign-up IP addresses, device details, and dates of birth. In addition to this PII (personally identifiable information), there are also details about the users’ account status, their sign-up and developer tokens, their account type, and even the referral origin.

Source: ZDNet

ZDNet has confirmed that the PostgreSQL database file that was on offer on the hacking forum is still up and accessible for download by anyone. ZDNet reached out to Aptoide to alert them and get a comment, but did not hear back. Aptoide is currently used by over 150,000,000 users, counts a total of 7 billion app downloads, and offers a vast collection of one million apps. The unofficial Android marketplace is therefore very popular and widely used, and this exposure introduces grave risks for a large number of people.

Aptoide differs from the Google Play Store in that it is entirely decentralized, completely open-source, and allows the user to set up or define custom repositories for specific apps. Back in October 2018, Aptoide sued Google over anti-trust practices, after the tech giant decided to enforce the deletion of the Aptoide app from Android devices by introducing the relevant rule on Play Protect. Aptoide lost a number of users back then, and it is likely to lose more now due to this latest security incident.

