User information from Aptoide, one of the Android app stores, was stolen by a hacker. About 20 million of the stolen records were shared on a hacker forum. Logging in to Aptoide will not be possible for a short time.
Android users have access to nearly 3 million apps on the official Google Play Store. The best-known app stores outside the Google Play Store are the Samsung Galaxy Store and Huawei AppGallery, both created by manufacturers. Finally, there are third-party app stores that do not come preinstalled on the phone and are not used by Google.
The largest of these third-party stores is Aptoide, with over 150 million users and about 1 million apps. A hacker captured the information of 39 million people using the Aptoide app store and shared 20 million of those records, with their login emails and passwords, on a popular hacker forum.
Cyber security experts do not recommend the use of a third-party app store:
Aptoide was founded in 2011 and reached a large number of users in a short time. It can be described as a decentralized app store in which each user manages their own store separately. The Aptoide application, which has reached millions of users in this short time, is known as an open source discovery platform. Cyber security experts, on the other hand, do not recommend the use of third-party app stores such as Aptoide because of the possible dangers.
Aptoide, for its part, emphasizes how safe it is, despite what the experts say. The app description even says, “All apps are scanned for viruses and we run extra security tests to keep the Android device safe.” However, although an article on Aptoide’s homepage says “Recent studies prove that Aptoide is the safest Android store”, there is no information about these studies.
The breach began on April 13:
On April 19, the Aptoide entry was added to the Have I Been Pwned (HIBP) database. This entry indicated that the app store had suffered a data breach and that the information of 20 million customers was shared on a hacker platform. In addition, HIBP gave April 13 as the start date of the breach and put the number of compromised accounts at 20,012,235.
Aptoide official Filipa Botelho stated that Aptoide is a victim of hacker attacks and possible data breaches, while logging in to Aptoide is not possible until the security check ends. When the site is reopened, it is known that users will be asked for a new password as a security measure.