Wappalyzer reveals data breach after hacker disclosed incident to customers
Wappalyzer, a company that specializes in software that uncovers technologies used on websites by detecting ecommerce platforms, web frameworks, server software and analytics tools, reported a security breach earlier this week after a cyber-thief sent emails to users.
It appears that the company became aware of the incident in January 2020, but it chose not to disclose it. Shortly after Wappalyzer customers received an email from the bad actor responsible for the breach, the company confirmed the incident to its clients in an email notification.
The hacker, calling himself CyberMath, told users that he is now selling the full database of Wappalyzer for 2000$ in cryptocurrency, and that he is available for additional communication and information.
“If you receive this e-mail it”s because we get the full database of Wappalyzer, and your e-mail is one the database. I”m selling the full .sql for 2000$ in Bitcoin, if you want more informations, contact me at this email,” said CyberMatch while also adding screenshots of the database files.
According to a screenshot of the e-mail notification received by ZDNet, Wappalyzer disclosed that, “on 20 January 2020 our database was compromised to a misconfiguration. No financial information or passwords were included in the breach. The issue has been resolved and our website is working normally.”
Stop guessing what the internet knows about you. Find out with Bitdefender”s Digital Identity Protection.
Company founder Elbert Alias also told ZDNet that the stolen information mostly consists of technographic data, but 16,000 email addresses and billing addresses of customers who requested a quote or placed an order prior to January 20 on their website may have been included in the stolen datasets.
“There is no action you need to take. If you requested a quote from our website before this date, your email address may have been included in the stolen data. If you placed an order on our website before this date, your billing address may also have been included in the stolen data. Some of our customers received an email from the perpetrator offering to sell stolen datasets. This data does not include personal information. If you receive such an email, mark it as spam and do not reply or click any links as it”s likely a scam,” said Wappalyzer.
The Holiday Guide to Tech Support: Fixing the Family Computer
November 24, 2021
Bitdefender Celebrates 20 Years of Cybersecurity Leadership
November 04, 2021
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords
October 26, 2021
What are drive-by download attacks and how do you prevent them?
October 25, 2021
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks
October 22, 2021
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals
October 20, 2021