Data breach! 20 million app store credentials leaked

You’re home, in serious need of new ways to stay entertained. You can only watch “Tiger King” so many times before you snap and decide it’s a good idea to get yourself a bleached mullet.

The good news is companies are trying to lend a hand by offering free stuff like movies, fitness tools and educational materials.

Another way to stay busy? Download some new apps for your smartphone or tablet. But be careful where you get them! One popular app store just suffered a massive data breach, and your personal information could be exposed.

Hackers steal millions of third-party app store profiles

A word of wisdom from the tech pros at Komando.com: You should never download apps from third-party stores. They don’t have the proper security in place and aren’t able to keep malicious apps out of their stores as well as Apple’s App Store and the Google Play Store can.

While the official app stores aren’t 100% safe, you have a much better chance of avoiding malicious apps if you stick with them.

Case in point, a popular Android app store was just hit with a huge data breach that exposed more than 20 million users’ credentials.

We’re talking about Aptoide, which says “recent studies prove that Aptoide is the safest Android app store.” It’s time for a new study.

Aptoide has about 150 million users worldwide. At least 20 million of them just had their credentials stolen by hackers. And nearly 19 million more users could be impacted when it’s all said and done.

The Aptoide team posted a warning about the breach earlier this week. “It has come to our knowledge that the Aptoide database may have been a victim of a hacking attack and a possible data breach,” according to the company’s site. “Our team is evaluating the threat and, if confirmed, taking measures to correct it.

“Meanwhile, we would like to rest you assure that all user passwords were encrypted. Besides your email address used for login and encrypted passwords, no Aptoide user’s personal data is in the database.”

Aptoide says physical addresses, credit card information, phone numbers and other personal data were not part of the breach. Hopefully that’s true. It’s bad enough having your login credentials stolen; you don’t want to add banking information on top of that.

If you’ve ever used the Aptoide store, it’s time to act. What should you do?

How to protect yourself after a data breach

Here are some security suggestions to follow after any major data breach.

Change your passwords

The first thing to do ASAP is to change your account password. Aptoide already said it will be messaging users who were impacted by this breach, asking them to change their passwords — but don’t wait for a notification. Just do it.

If you use the same password for multiple accounts, change them all. And please don’t do that anymore!

Having the same password for multiple accounts puts them all at risk. It’s best to have strong, unique passwords for every online account.

Enable 2FA

Whenever two-factor authentication is available, use it. That way if a site gets hit with a data breach and your password is exposed, hackers will need a second way to identify themselves before they can get into your account.

Keep an eye out for phishing attacks

Think of data breaches like this as fuel for cybercriminals. They’ll try to take advantage, most likely in the form of phishing emails or scam phone calls.

You might receive a call or email claiming to be from Aptoide asking you for personal details or to click on a link. We’ve said it before and we’ll say it again: Never click on links inside unsolicited emails.

They are very likely malicious attempts to send you to spoofed websites that will end up ripping you off or infecting your device with malware.

If you have business to conduct with a company, it’s best to type the web address directly into your browser. That way you know you’re on the official site and not a fake.

Check your bank accounts

Even though Aptoide claims payment information wasn’t stolen in this breach, it’s always better to be safe than sorry. Keep an eye on your bank accounts and credit card statements. If you see any suspicious activity, report it immediately.

If you weren’t convinced to stay away from third-party app stores before, we hope this did the trick. From now on, stick with the official stores.
