Me: I just heard of this awesome App called MyFitnessPal (MFP) which allows one to track their own calorie count by referencing their searchable food database of over 300,000,000 items.
BuffLord95: Wow, what else?
Me: As long as you have the internet, you can also add foods and recipes of your own into the database and the App will continue to learn from you, enabling a better and more accurate reflection of your calories intake.
BuffLord95: Wow, I’m sold.
Not to be outdone.
Player94: Have you all heard of Coffee Meet Bagel (CMB)?
BuffLord95: Sounds familiar, is it a MyFitnessPal competitor that also allows you to track your calorie intake-
Player94: Your head lah, you have a brain the shape of a bagel-centre is it? It’s actually a dating App, and I mean for actual dating, not like those sort in Tinder.
BuffLord95: Wow, what else?
Player94: I actually know of a few couples who met on CMB and subsequently got married.
BuffLord95: Damn, I’m sold.
Player94: Yes, you are.
Unfortunate, “I’m Sold” now literally counts for something else and entails a whole lot more other than belief.
Millions of Account Information Now Selling On The DarkWeb
According to The Register, there’s a bleeding 620 million accounts stolen from 16 hacked websites/apps that are now on sale in the Dark Web.
This treasure trove of information is reported to be available at the Dream Market cyber-souk, located in the Tor network.
For less than $20,000 in Bitcoin, one can purchase this honeypot which consists of account information from the following websites/apps.
In order of number of accounts compromised:
- Dubsmash (162 million)
- MyFitnessPal (151 million)
- MyHeritage (92 million)
- ShareThis (41 million)
- HauteLook (28 million)
- Animoto (25 million)
- EyeEm (22 million)
- 8fit (20 million)
- Whitepages (18 million)
- Fotolog (16 million)
- 500px (15 million)
- Armor Games (11 million)
- BookMate (8 million)
- CoffeeMeetsBagel (6 million)
- Artsy (1 million)
- DataCamp (700,000)
According to The Register:
Sample account records from the multi-gigabyte databases seen by The Register appear to be legit: they consist mainly of account holder names, email addresses, and passwords. These passwords are hashed, or one-way encrypted, and must therefore be cracked before they can be used.
There are a few other bits of information, depending on the site, such as location, personal details, and social media authentication tokens. There appears to be no payment or bank card details in the sales listings.
In other words, this isn’t fake news and real accounts are being compromised here.
MyFitnessPal and CoffeeMeetsBagel
While I’m not quite familiar with 14 of them, I sure know of MFB and CMB.
Here’s what the report has to say about either of them.
MyFitnessPal
It appears that MFP, like MyHeritage and Animoto, had warned customers last year in March 2018 that they were compromised February 2018.
In an later update on the article, a MyFitnessPal said that it had “made every user reset their password following the discovery of the intrusion last year.”
In other words.
CoffeeMeetsBagel
On the other hand, the report states that “This security breach has not been previously publicly disclosed” by CMB in any way, shape or form.
After The Register wrote to CMB (The Register wrote to all affected companies informing them of the Dark Web Sale), CMB responded with: “We are not aware of a breach at this time, but our security team is looking into this now.”
In a later update though, CMB “confirmed at least some user account data was stolen by a hacker who broke into the biz’s systems as recently as May 2018” as The Register had reported.
This was CMB’s statement in full:
“On February 11, 2019, we learned that an unauthorized party gained access to a partial list of user details, specifically names and email addresses prior to May 2018,” the company said in a statement.
“Once we became aware, we immediately launched a comprehensive investigation with the help of experienced forensic experts. We are currently working on notifying the affected user base. The security of our users’ information is important to us, and we apologize for any inconvenience this may have caused.”
That said, I think it wise for any of my readers out there using these Apps, or in fact any other sites or Apps, to remember to change your password regularly.
Else, you may be getting “sold” again and you wouldn’t want that would you?
Read Also:
- From 2025, You Won’t Need to Book an Appointment to Collect Your Passport or IC
- 16 Women Accused Magician David Copperfield of Sexual Misconduct
- Everything About the Johor Police Station Attack & Their Suspects That is Known So Far
- Anchorvale Village, a New Mall in Sengkang, Officially Opens Today (18 May)
- 35 S’pore Talents Got Into Forbes’ 30 Under 30 Including Sprinter Shanti Pereira
- 30YO SCDF Officer Dies While Fighting Fire on Board Tanker in S’pore Waters
Advertisements
