The notification of the data breach was first noticed by data breach monitoring service Under the Breach. According to the leaked data (sample data), it contains information including details such as the user's email address, hashed password, real name, sign-up date, sign-up IP address, device details, and date of birth (if provided). Furthermore, it also contains the data of account status, sign-up tokens, developer tokens, if the account was a super admin or referral origin.
Users who registered or used the Aptoide app store app between July 21, 2016, and January 28, 2018, were affected by the hack. The leaked database was a PostgreSQL export file which was available for download on many file hosting services.
On the other hand, Aptoide responded to the breach notification via its blog. On the post, they wrote that at the meantime they are investing the hack notification which means till yet it's not confirmed from Aptoide side.
Aptoide noted that -
Meanwhile, we would like to rest you assure that all user passwords were encrypted.But hacker claims to obtain the real name, date of birth, account status, sign-up tokens. Now we have to wait for the confirmation of the Aptoide.
Besides your email address used for login and encrypted password, no Aptoide user's personal data is in the database. Aptoide users were never requested for physical addresses, credit card information, telephone numbers, or other personal data.
In the mean time we have also seen that Aptoide also notifies its users about the breach via emails.
If you have anything to add to this story, comment below.