Trapster hack may have exposed millions of iPhone, Android passwords
Up to 10 million e-mail addresses and passwords possibly pilfered from speed trap service
Computerworld - Millions of e-mail addresses and passwords may have been stolen from Trapster, an online service that warns iPhone, Android and BlackBerry owners of police speed traps, the company announced yesterday.
California-based Trapster has begun alerting its registered users and has published a short FAQ on the breach. "If you've registered your account with Trapster, then it's best to assume that your e-mail address and password were included among the compromised data," the FAQ stated.
But in the next breath, Trapster downplayed the threat, saying it wasn't sure that the addresses and passwords were actually harvested.
"While we know that we experienced a security incident, it is not clear that the hackers successfully captured any e-mail addresses or passwords, and we have nothing to suggest that this information has been used," Trapster said.
And when replying to follow-up questions today, Trapster claimed that not all its 10 million users were at risk.
"Only a portion of our users were affected," a company spokesman said via e-mail. "We are choosing not to provide a specific figure, but a majority of our users who download the app do not register, which means they did not provide an e-mail address, as it is not a requirement. So the figure is well below the 10 million users which has been reported."
Users must register with Trapster, and provide an e-mail address and password for the new account, in order to report speed traps. According to the Trapster site, more than 5,300 speed traps have been reported to the service so far today.
If criminals did collect the service's complete user list, the breach would be 25 times larger than the Gawker hack last month, when details of more than 400,000 Gawker accounts were published on the Internet.
Assuming just one-in-10 users registers with Trapster, the number of compromised passwords could still be two-and-a-half times bigger than Gawker's.
Trapster provides free apps for the iPhone, Android-based smartphones, the BlackBerry, Windows Mobile phones, and Garmin and TomTom GPS devices. The apps display a map with suspected speed traps -- the traps are reported by users of the service -- and warn when drivers are approaching a potential radar zone.
The danger posed to users is not limited to their Trapster accounts, a security expert pointed out today.
"You may not care very much if your credentials on Trapster have been compromised and may think that not too much harm can come from that," said Graham Cluley, a senior technology consultant with U.K.-based Sophos, in a post Thursday to the security company's blog. "But what if you use the same e-mail address/password combination on other Web sites such as your Twitter account, or Web e-mail address?"