More than 617 million logins for 16 popular apps have been leaked online, putting users at risk of having their personal information hacked.
The leaked logins for the apps – which include MyFitnessPal and Dubsmash – have since appeared for sale on the dark web.
Affected users are at significant financial risk
The passwords that have been leaked are encrypted so cannot immediately be used to gain access to the apps, although they can be cracked by hackers.
The mass of logins is retailing for around £15,000, and was first spotted by technology website The Register.
By purchasing the logins, buyers will then be able to potentially re-use the passwords across multiple apps.
Not only will this allow criminals to gain access to millions of accounts, it can also provide access to more sensitive apps (such as banking) putting users at significant financial risk. This is known as credential stuffing.
Which apps have been affected?
These 16 apps were all affected by the login leak and if you have an account with one of these platforms, it is advised you change your password immediately.
- Dubsmash – 162 million accounts
- MyFitnessPal – 151 million accounts
- MyHeritage – 92 million accounts
- ShareThis – 41 million accounts
- HauteLook – 28 million accounts
- Animoto – 25 million accounts
- EyeEm – 22 million accounts
- 8fit – 20 million accounts
- Whitepages – 18 million accounts
- Fotolog – 16 million accounts
- 500px – 15 million accounts
- Armor Games – 11 million accounts
- BookMate – 8 million accounts
- CoffeeMeetsBagel – 6 million accounts
- Artsy – 1 million accounts
- DataCamp – 700,000 accounts