Cyber Incident Victim: Aptoide
Date: Jan 2018
Location: Portugal
Summary
A cybersecurity incident involving a third-party Android app store resulted in the exposure of personal data for 20 million users, with the information leaked on a hacking forum as part of a larger 39 million-record dataset. The compromised details included email addresses, hashed passwords, real names, IP addresses, device information, and dates of birth, alongside technical account metadata such as authentication tokens and administrative status indicators. The data originated from user registrations spanning approximately eighteen months prior to the breach discovery and was distributed as a PostgreSQL database export. The Portugal-based platform, which claimed over 150 million global users at the time, did not initially respond to notifications about the leaked records.
Description
On April 17, 2020, a hacker publicly leaked the personal details of approximately 20 million users of Aptoide, a third-party Android app store based in Portugal. The data appeared on a prominent hacking forum as part of a larger dataset containing 39 million records, which the attacker claimed to have obtained through a breach earlier that month. The exposed information covered users who registered or interacted with the Aptoide platform between July 21, 2016, and January 28, 2018. The leaked PostgreSQL database export included personally identifiable information such as email addresses, hashed passwords, real names, registration dates, IP addresses used during sign-up, device specifications, and dates of birth for users who provided them. Technical account metadata was also compromised, including account status flags, authentication tokens, developer tokens, super-admin privileges, and referral source indicators. At the time of ZDNet's report, the dataset remained accessible for download on the forum, though the specific intrusion method used to acquire the data was not disclosed in available sources.

The breach exposed nearly 13% of Aptoide's reported global user base of 150 million. While ZDNet's report did not document specific instances of credential misuse or fraud stemming directly from this incident, the publication of email addresses together with hashed passwords created credential-stuffing risks across other platforms. ZDNet confirmed the breach's validity through collaboration with data breach monitoring service Under the Breach before notifying Aptoide, but received no response from the company prior to publication. This incident occurred against a backdrop of prior challenges for Aptoide, including a separate October 2018 dispute in which the company alleged that Google's Play Protect service forcibly uninstalled its app from user devices, resulting in the loss of 2.2 million users over two months. The 2020 data exposure represented a significant compromise of trust for an alternative app store positioning itself as a challenger to dominant mobile platforms.
