Cyber Incident Victim: Mathway
Date: Jan 2020
Location: United States of America
Summary
A hacker known as ShinyHunters breached a popular educational application, compromising over 25 million user records containing emails and hashed, salted passwords. The stolen data was offered for sale on dark web markets, hacker forums, and Telegram channels for approximately $4,000 in cryptocurrency. The incident prompted an internal investigation with external cybersecurity experts, widespread notifications to potentially affected users, and mandatory password resets across all accounts. The breach marked another in a series of security incidents attributed to the same threat actor during the period.
Description
In early May 2020, a hacker using the alias ShinyHunters breached the systems of Mathway, a widely used educational application specializing in math problem-solving. The attacker exfiltrated a database containing over 25 million user records, including email addresses and passwords stored in a hashed and salted format. Within two weeks of the breach, ShinyHunters offered the stolen dataset for sale on dark web marketplaces and Telegram channels, later expanding distribution to a prominent public hacking forum. The asking price was set at $4,000, payable in Bitcoin or Monero cryptocurrency. Security researchers who analyzed samples confirmed the data's authenticity, verifying it contained valid user credentials. This incident marked one of multiple data breaches attributed to ShinyHunters during this period. Mathway, which had operated its popular app since the late 2000s with global reach, became aware of the unauthorized access through external reports of the data being sold.

Upon confirming the breach, Mathway engaged a third-party data security firm to investigate the intrusion scope and implement remediation measures. The company publicly acknowledged that an unauthorized party had acquired customer account data, specifically emails and protected passwords. As part of containment efforts, Mathway initiated mandatory password resets for all user accounts to invalidate compromised credentials. The organization also began notifying potentially affected customers about the exposure of their data. No evidence suggested the breach extended beyond email addresses and password hashes to other sensitive information. The incident exposed credentials of millions of global users, creating risks of credential stuffing attacks and account takeovers across other platforms where users might have reused passwords. Mathway's response focused on securing existing accounts while forensic work continued to determine the exact attack vector and duration of unauthorized access.
