A mobile application developer has warned of a data breach that could affect up to ten million users.
Trapster.com, which developed an app to help users evade speed traps, warned users about a breach in its username and password database. In a note to users, the Trapster team said that it had learned that its website had been the target of a hacking attempt and that it was possible that email addresses and passwords were compromised.
“We have taken, and continue to take, preventative measures to avoid future incidents but we are recommending that you change your Trapster password. As always, Trapster recommends that you use distinctive passwords for each site you visit, but if you use the same password on Trapster that you use on other services, we recommend that you change your password on those services as well,” it said.
In an FAQ, Trapster said that it was ‘best to be cautious’ when it comes to password security and that it was ‘best to assume that your email address and password were included among the compromised data’.
Speaking about the incident, it said that this was a single event, and that the team understood how it occurred and had taken steps to help prevent it from happening again.
“Please note that we are taking these actions with our users as a precautionary measure. While we know that we experienced a security incident, it is not clear that the hackers successfully captured any email addresses or passwords and we have nothing to suggest that this information has been used,” it said.
It also confirmed that it is in the process of notifying registered users and has rewritten the software code to prevent this type of attack from happening again. It said that it will continue to implement additional security measures to further protect data.
Paul Vlissidis, technical director at NGS Secure, an NCC Group company, said: “It is common for users to apply the same passwords to frequently used websites; however, by doing this you are effectively increasing the risk that if any of the websites get hacked then all the others can be accessed. As well as the websites' responsibility to keep their customers' data safe, users must also accept that their behaviour directly affects their own security.
“Website owners should declare if they store your passwords using strong hashing. This is a simple process and not any more expensive to implement; however, unfortunately, websites not using this method of cryptography is something we see all too often and this can only be down to developers' laziness or ignorance. In the case of Trapster, it would appear that they didn't encrypt or hash so the hackers got the crown jewels.”