If you love recording yourself on Dubsmash, play on Armor Games in your free time, or use the dating app Coffee Meets Bagel, chances are your personal details may have been compromised.
Indian cybersecurity agencies are tracking a massive leak of data from at least 16 online platforms — websites as well as apps — several of which are widely used by Indians. The national Computer Emergency Response Team, in collaboration with global cyberintelligence agencies, is trying to gauge the extent of the damage.
Speaking on the challenges in fighting online hacking, Special Inspector General of Police (Maharashtra Cyber) Brijesh Singh said it was next to impossible to estimate the number of users whose data had been leaked because the figures are not made available to law enforcement agencies.
ADVERTISEMENT
The leak was first flagged by news websites that track cybersecurity and cybercrime, after they noticed that accounts of users of several online platforms were on sale on the dark web. Further investigation reportedly revealed that details of over 600 million accounts stolen from 16 portals were on sale, with payment being accepted in bitcoins.
Armor writes to users
In the early hours of Wednesday, Armor Games sent an email to all its users confirming the leak. “We respect the privacy of our users which is why as a precautionary measure, we are writing to let you know of a data security incident that may involve your personal information,” the email said.
ADVERTISEMENT
“The database affected primarily stores all our website users’ public profiles, login data, birthdays of our admin accounts, and information about our password protection processes at the time. We do not have (and thus, this incident does not involve) first or last names, credit card data, addresses, or phone numbers,” the email said.
Mr. Singh said, “A lot of users connect to such portals using their email IDs and even the passwords that they use are recycled from old ones, making it easier for miscreants to compromise their accounts or devices.”
Other portals reportedly affected include MyFitnessPal, MyHeritage, ShareThis, HauteLook, Animoto, EyeEm, 8fit, Whitepages, Fotolog, 500px, BookMate, Artsy and DataCamp.
Cyber security agencies have urged users to immediately update their passwords not only on the compromised portals but on every portal they use to prevent a further breach of information.