In a security breach affecting millions of users, popular video app Dubsmash has suffered a data breach affecting 162 million users. The data breach, which occurred in December 2018 exposed 162 million unique email IDs, geographic locations, names, passwords, phone numbers and usernames. This data was then put on sale on the dark web in the beginning of February.
Dubsmash, based out of New York, is a globally popular app, similar to Tik Tok where users make short videos and share them. On Google Playstore alone, the app has over 100 million installations.
This information has now been put out by Have I been Pwned, a website that keeps a registry of data breaches and allows people to check if any of their email IDs have been compromised in a data breach. According to the website, information of the breach was added to its website on February 25, 2019 and the exact number of accounts that were compromised stands at 161,749,950. This includes accounts of users across the globe including India.
“In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to BenjaminBlue@exploit.im,” the information on HIBP states.
How can you check if your data has been breached?
Ideally, Dubsmash should intimate its affected users informing them about the breach, asking them to change their passwords.
However, Dubsmash hasn’t sent out such a communication yet. One can also go to websites such as HIBP (haveibeenpwned.com), where you can enter your email ID and check if it has been a part of Dubsmash’s data breach. In fact, it lets you check if your email ID has ever been breached.
There are a few other websites as well that let you check across a massive database of breaches. There are also identity protection services that send you alerts if any suspicious activity is identified on accounts you use.
Data on sale
The data of Dubsmash was put on sale on the dark web as part of the 617 million accounts that were breached across 16 websites. These websites included MyFitnessPal, CoffeeMeetsBagel, Artsy, MyHeritage, HauteLook, Animoto, ShareThis, 8Fit, among others.
This data was reportedly being sold for less than $20,000 in Bitcoin on the dark web.
According to a report in The Register, 11GB of Dubsmash’s data was being sold for around $1,976 in bitcoin. The seller told the publication that the Dubsmash data was purchased by at least one person.
To know what to do if your data has been compromised, read: