The incident originated in January 2020 when a threat actor, known as "ShinyHunters," gained unauthorized access to Mathway's backend systems. By dumping the database and subsequently removing their own access to avoid detection, the hacker secured a massive trove of sensitive information. This data included not only emails and device information but also "salted" password hashes—cryptographic protections that, while better than plain text, are not invincible to sophisticated decryption attempts.
This breach underscored a critical failure in the security measures of popular learning tools. Experts pointed toward a lack of rigorous access and privilege controls as a primary reason the breach went undetected for months. It highlighted the need for organizations to move away from simple username-password combinations toward biometric authentication and multifactor security. mathway 16,5 mil.txt
The of 2020 exposed approximately 25 million user records , not just 16.5 million. The compromised data, which included names, email addresses, and salted password hashes, was later found being sold on the dark web for roughly $4,000 in Bitcoin . The incident originated in January 2020 when a