{
	"id": "55339cab-d294-4004-b6cc-770764f7a7bf",
	"created_at": "2026-04-06T00:14:47.972182Z",
	"updated_at": "2026-04-10T03:34:59.539615Z",
	"deleted_at": null,
	"sha1_hash": "fdf219889d56331ae80bb086281c2199afc7efd5",
	"title": "25 million user records leak online from popular math app Mathway",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 671706,
	"plain_text": "25 million user records leak online from popular math app\r\nMathway\r\nBy Written by Catalin Cimpanu, ContributorContributor May 22, 2020 at 9:45 a.m. PT\r\nArchived: 2026-04-05 20:23:35 UTC\r\nImage: Mathway\r\nSee als\r\nA hacker has breached Mathway, a popular math solving application, from where they have stolen more than 25\r\nmillion emails and passwords, ZDNet has learned.\r\nThe hack is the latest in a long line of security breaches carried out by a hacker going by the name of\r\nShinyHunters, the threat actor also responsible for intrusions at Tokopedia, Wishbone, Zoosk, and others.\r\nFor the past few months, the hacker has been breaching companies and putting their data on sale on a dark web\r\nmarketplace and internet hacking forums. In total, it is believed that the hacker has sold access to more than 200\r\nmillion user details.\r\nMathway intrusion took place in January 2020\r\n\"The only thing I can say is that the [Mathway] hack took place in January 2020,\" ShinyHunters told ZDNet in an\r\ninterview on Thursday while trying to avoid revealing too many details about the intrusion.\r\nThe hacker said they accessed the company's backend, dumped the database, and then removed access to avoid\r\ngetting detected.\r\nhttps://www.zdnet.com/article/25-million-user-records-leak-online-from-popular-math-app-mathway/\r\nPage 1 of 3\n\nSince the start of May, the hacker has been selling the Mathway data on the dark web, and later also began selling\r\nit on a public and very popular hacking forum.\r\nmathway.png\r\nImage: ZDNet\r\nThe Mathway data has been up for sale for the equivalent of $4,000 in Bitcoin or Monero. According to samples\r\nreviewed by ZDNet, the data includes user emails and hashed passwords. The password hashing algorithm is\r\nunknown, so it's unclear if these passwords can be cracked and reverted back to their cleartext forms, which would\r\nmake the entire data dump a lot more valuable for other cybercrime gangs.\r\nData allegedly leaked in full\r\nLike all the previous databases that ShinyHunters has been selling, the Mathway data is slowly making its way\r\nfrom private circles into the public domain.\r\nThis week, a copy of the Mathway database began circulating more broadly, being shared on Telegram channels\r\ndedicated to \"data brokers,\" a category of the cybercrime underworld specialized in buying and trading hacked\r\ndata.\r\nmathway-leak-tg.png\r\nImage: ZDNet [provided]\r\nThe above screenshot was provided to ZDNet by another data broker, and we were not able to obtain a copy of the\r\nleak in full, although, there is no reason to believe the data is fake since the data broker has been a reliable source\r\nfor ZDNet coverage in the past.\r\nOnly emails and hashed passwords are included in this leak, but many of these are most likely to belong to\r\nchildren, something that's not going to sit very well with some parents.\r\nContacted for comment, a Mathway spokesperson provided ZDNet with the following statement, admitting to the\r\nbreach and promising to notify all impacted users:\r\nAt Mathway, we take our customer's trust seriously, especially when it comes to their data, and we are committed\r\nto doing what is right for our customers. We recently discovered that certain Mathway customer account data,\r\nemails and hashed and salted passwords, was acquired by an unauthorized party.  Upon learning of this, we\r\nretained a leading data security firm to investigate, address any vulnerabilities and remediate the incident. We are\r\nnotifying all potentially impacted customers and are requiring password resets for all accounts. We regret any\r\ninconvenience this may cause our customers.\r\nMathway currently runs one of the most popular educational apps on the market, with its app being broadly used\r\nacross the world since the late 2000s.\r\nThe company's app has been extremely popular with students and children alike, providing crucial help with\r\nlearning basic and advanced math problems.\r\nhttps://www.zdnet.com/article/25-million-user-records-leak-online-from-popular-math-app-mathway/\r\nPage 2 of 3\n\nMathway is currently available as an Android and iOS app, and as a web service, with its mathway.com website\r\nranking #2,605 in the Alexa internet traffic index, being one of the most popular websites on the internet, despite\r\nits niche feature-set and targeted audience.\r\nUpdated at 3:40pm ET with new statement from Mathway.\r\nSecurity\r\nSource: https://www.zdnet.com/article/25-million-user-records-leak-online-from-popular-math-app-mathway/\r\nhttps://www.zdnet.com/article/25-million-user-records-leak-online-from-popular-math-app-mathway/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.zdnet.com/article/25-million-user-records-leak-online-from-popular-math-app-mathway/"
	],
	"report_names": [
		"25-million-user-records-leak-online-from-popular-math-app-mathway"
	],
	"threat_actors": [
		{
			"id": "c071c8cd-f854-4bad-b28f-0c59346ec348",
			"created_at": "2023-11-08T02:00:07.132524Z",
			"updated_at": "2026-04-10T02:00:03.422366Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "MISPGALAXY:ShinyHunters",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2",
			"created_at": "2025-10-24T02:04:50.086223Z",
			"updated_at": "2026-04-10T02:00:03.770068Z",
			"deleted_at": null,
			"main_name": "GOLD CRYSTAL",
			"aliases": [
				"Scattered LAPSUS$ Hunters",
				"ShinyCorp",
				"ShinyHunters"
			],
			"source_name": "Secureworks:GOLD CRYSTAL",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "dfee8b2e-d6b9-4143-a0d9-ca39396dd3bf",
			"created_at": "2022-10-25T16:07:24.467088Z",
			"updated_at": "2026-04-10T02:00:05.000485Z",
			"deleted_at": null,
			"main_name": "Circles",
			"aliases": [],
			"source_name": "ETDA:Circles",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d8dff631-87b0-4320-8352-becff28dbcf1",
			"created_at": "2022-10-25T16:07:24.565038Z",
			"updated_at": "2026-04-10T02:00:05.034516Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "ETDA:ShinyHunters",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434487,
	"ts_updated_at": 1775792099,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fdf219889d56331ae80bb086281c2199afc7efd5.pdf",
		"text": "https://archive.orkl.eu/fdf219889d56331ae80bb086281c2199afc7efd5.txt",
		"img": "https://archive.orkl.eu/fdf219889d56331ae80bb086281c2199afc7efd5.jpg"
	}
}