The “Aptoide” Android App Store Leaked Details of 20 Million Users

  • Users of the Aptoide Android app store have had their PII and technical information exposed.
  • The data was bundled in a database file and is shared on a well-known hacking forum.
  • Aptoide has a unique approach in app management, but this security incident will have an adverse effect on its usage rates.

A new data dump has been uploaded on a hacking forum, apparently containing the details of 20 million users of the Aptoide Android app store. The data was obtained and analyzed by the dark web leak monitoring platform “Under the Breach”, who also shared a copy with ZDNet. By analyzing the entries, the researchers have figured that the data dump concerns Aptoide user registrations that took place between July 21, 2016, and January 28, 2018.

The hacker claims that he/she is in possession of another 19 million records that are to be published in the future. As the hack is claimed to have happened earlier this month, the second batch may concern user registrations between 2018 and today. If that is the case, the second batch may be sold instead of openly shared with everyone. As for the contents of the first batch, this includes full names, usernames, email addresses, hashed passwords, date of registration, sign-up IP addresses, device details, and dates of birth. In addition to these PII (personally identifiable information), there are also details about the user’s account status, their sign-up and developer tokens, their account type, and even the referral origin.

Source: ZDNet

ZDNet has confirmed that the PostgreSQL database file that was on offer on the hacking forum is still up and accessible for download by anyone. ZDNet reached out to Aptoide to alert them and get a comment, but they didn’t hear back. Aptoide is used by over 150,000,000 users at this moment, counts a total of 7 billion app downloads, and offers a vast collection of one million apps. That said, the unofficial Android marketplace is very popular and widely used, and the particular exposure introduces grave risks for a large number of people.

Aptoide’s difference with the Google Play Store is that it is entirely decentralized, completely open-source, and allows the user to set up or define custom repositories for specific apps. Back in October 2018, Aptoide sued Google over anti-trust practices, after the tech giant decided to enforce the deletion of the Aptoide app from Android devices by introducing the relevant rule on Play Protect. Aptoide lost a number of users back then, and they are likely to lose more now, due to this latest security incident.


Recent Articles

Xiaomi Looking to Deploy Massive Upgrades on the MIUI 12 Camera App

Xiaomi wants to make the MIUI 12 Camera app as exciting as it can be, and is experimenting with a set of new...

Cerberus Was Found Lurking on the Google Play Store

The Cerberus app wore the sheepskin of a Spanish currency converter app and entered the Play Store. The app followed the tactic...

The “Music Mission” Anti-Piracy Campaign Makes Stunning Revelations

The “Music Mission” has released its first findings around pirating platforms, and the size of some is startling. What is more alarming...

The Vast Majority of Home Routers Are Vulnerable in One Way or Another

Many router models that are sold in Europe are vulnerable to exploitation using known flaws. Most vendors are using unsafe securing methods,...

H.266/VVC Codec Officially Announced – Bringing Higher Quality Video While Drastically Reducing Data Consumption

Currently, the H.265 HEVC is the most popular video codec in consumer devices, processing over 90% of video bits on the global level. ...