Trapster is telling registered users to change their passwords due to an attack.
Trapster.com, creator of a
popular mobile application that warns users about speed traps, notified
users this week
that their passwords may have been exposed due to an
The company released few
details about the incident. In an e-mail, the company said it understood how
the attack occurred and had already rewritten code to prevent it from happening
in the future, but would not disclose what happened or when. It is
not clear whether the hackers successfully captured any e-mail addresses
or passwords, and there is nothing to suggest the information has been
used, the company said.
"We believe it's best to be
cautious," the company said. "So, we are telling users if they registered their
account with Trapster, then it's best to assume that their e-mail address and
password were included among the compromised data."
Launched in 2007, Trapster
boasts more than 10 million users. While the company said it is notifying all
its registered users, it also contends that the majority of the 10 million-plus
users don't register. As a result, the actual number of people affected by the
breach is less than 10 million, the company told eWEEK.
As in the recent
Gawker Media breach
, security pros are advising users to change their
passwords for other sites as well if they are identical to their Trapster
"Now, you may not care very
much if your credentials on Trapster have been compromised and may think that
not too much harm can come from that," blogged Graham Cluley, senior technology
consultant at Sophos. "But what if you use the same e-mail address/password
combination on other Websites such as your Twitter account or Web e-mail
"If hackers grab your
password in one place, and you have carelessly used the same password
elsewhere, then you could be on a dangerous road," Cluley added.
In the Gawker case, the
e-mail addresses and passwords of registered users were leveraged for a spam
campaign on Twitter. When it was said and done, hundreds of thousands of
Twitter accounts were compromised to send out spam pushing the acai berry
diet with messages such as: "I lost 9 lbs. using acai! RT This!
"If you used your Trapster
password on any other Website, you should change the password on that site as
well, particularly if you used the same e-mail address with that site,"
Trapster also offered
advice on creating a strong password, including making it at least eight
characters and avoiding the use of common words or phrases.
"As far as pursuing the
perpetrator, we continue to look into this but are focused right now on our
users," the company said.