What Happened with the Dubsmash Databreach
Dubsmash is a video messaging app for iOS and Android that is headquartered in New York. The company reported Monday, Feb. 25, 2019, that 162 million accounts of users around the world were breached in Dec. 2018. Information in the data breach contains personally identifiable information like the location of users, usernames, passwords, phone numbers, names, and more. Dubsmash states in their release that user information has been on sale on the dark web since the beginning of February.
Dubsmash is not the only service with the information of their clients leaked to the internet. Earlier this month, dating app CoffeeMeetsBagel, MyFitnessPal, HauteLook, and others suffered similar issues. It is still unknown if Dubsmash will face the EU’s General Data Protection Regulation (GDPR) compliant issues. Typically, if an organization is breached, they have only 72 hours to gather and report the information. Since Dubsmash is a global company with users in many countries, it is probably they might face some consequences.
How To Check if You’re Impacted in the Dubsmash Data Breach
In most cases, a company will let users know if they’ve been breached. However, as of this post, Dubsmash did not notify users if their information was impacted. This means users are left to their own vices to discover if their information was part of the breach. To see if your information is part of any breach, not only Dubsmash, use the website haveibeenpwned.com.
In the original report, they state that the units are commonly found in Europe, with some in China and a Pharmaceutical company in Malaysia. One of the researchers, Noam Rotem said that the system could be accessed through any internet browser. Fortunately, the problem was rectified before any major damage occurred.
Resource Data Management said to tell their customers to change their passwords while they update their systems. However, it’s not required to change the password, although strongly recommended.
What To Do In Case of a Data Breach
It would be very rare to meet someone has never been affected by a data breach. Billions of people around the world have been included in a variety of lists for sale. However, it does not mean you are defenseless. The easiest way to protect yourself from a data breach is to change your password on not only the accounts affected but all of your accounts.
Hackers sell the information because it allows other hackers to credential stuff accounts. Credential stuffing is when a hacker will try a variety of usernames and password combinations until they unlock an account.
Of course, it is easy to prevent this by using a password manager and two-factor authentication. While no method will protect you fully, a password manager and two-factor authentication will make it much more difficult for a malicious party to gain access to your account.
SecureData can handle data breaches with 24-hour data breach incident response. We can deploy anywhere in the world to stop a data breach and help mitigate the risk of it happening again. Additionally, SecureData can help victims of data breaches who suffer from identity theft, phishing attempts, and more. Call us for a free phone consultation at 1-800-388-1266.