Wappalyzer, a technographic database company that collects kinds of technology stacks a company uses, has suffered a breach in January this year. But the company didn’t disclose it until the hacker who breached and stolen data, has sent emails to Wappalyzer customers for selling them the database! Though Wappalyzer confirmed there’s no sensitive information in that, the database contained email addresses of 16,000 people and few billing addresses.

Snippet of stolen database
A snippet of stolen database

First the hacker, and then the company

Any company which unfortunately faces a security breach is expected to inform its customers right away. This could ensure them taking extra precautions to avoid any potential hacks later on. But instead, Wappalyzer has acknowledged the breach that breach happened in January, and disclosed now after the perpetrator reaching out to customers.

Hacker going by name CyberMath has been emailing to Wappalyzer’s customers for selling the stolen database for $2,000 in Bitcoin. But Wappalyzer asked its customers, those who’re receiving those emails, to mark as spam and not to reply or click on any links in the email.

Emails from both Wappalyzer and the hacker to customers
Emails from both Wappalyzer and the hacker to customers

Wappalyzer, on the other hand, told ZDNet that the data breached was outdated, so no use for buying it now. The company said that it suffered a data breach due to exposing one of its databases online cause of misconfiguration. This led the hacker to steal a database of over 16,000 customers. Yet, the firm says there’s no need to worry, as the data that’s being taken and selling now is of old, and the company updates its data every three months.

Elbert Alias, the founder of Wappalyzer, said the data stolen was of technographic data, which was scraped out of websites regarding the type of technology stacks they were using. Further, it also contained the email addresses of those who’ve requested the quote and billing addresses of those who placed an order. And assured that no sensitive information like passwords or card data were available.

Via: ZDNet


Please enter your comment!
Please enter your name here