Share this analysis

Mathway, Blank Media Games and others fall victim of data leaks.

25 October 2020
BREACHAWARE HQ
Education

A total of 5 breach events were found and analysed resulting in 19,236,847 exposed accounts containing a total of 2 different data types of personal datum . The breaches found publicly and freely available included Mathway, Blank Media Games, Hack Forums Wiki, mBox and TaskQue. Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Contact Data, Technical Data.

Data Breach Analysis

A newly uncovered group of five publicly accessible data breaches has led to the exposure of 19,236,847 user accounts, containing two different data types. The affected platforms span a range of industries and community types, including online education tools (Mathway), gaming communities (Blank Media Games), hacker knowledge bases (Hack Forums Wiki), productivity services (TaskQue), and what appears to be an email or communications tool (mBox).

While the number of data types involved may seem low, the volume of accounts exposed and the range of online activities impacted presents a considerable area of concern. The fact that all five breaches are publicly and freely available further compounds the risk, making the data instantly usable by anyone, including threat actors operating at scale.

Mathway is a widely used math problem solver platform, offering step-by-step solutions across algebra, calculus, statistics, and more. It serves a broad demographic including students, educators, and professionals looking to double-check equations. In 2020, Mathway confirmed a breach involving tens of millions of records, and this listing likely refers to that same breach or a rediscovered subset of it now circulating freely online.

If passwords are part of the exposed data, even if hashed, it is likely that many remain vulnerable due to password reuse. The risk is heightened by Mathway’s integration into educational workflows, meaning compromised accounts might be tied to school or institutional emails. Attackers can weaponise such datasets to impersonate students, conduct phishing attacks on educational institutions, or harvest further information from linked accounts.

Blank Media Games is best known as the developer of Town of Salem, a multiplayer strategy game focused on deception and deduction. In 2018, the company suffered a breach exposing over 7 million user accounts. The data included emails, usernames, hashed passwords, IP addresses, and game-related metadata. The current listing likely reflects a reappearance of this data or a portion of it now freely distributed.

Gaming communities often get overlooked in breach discussions, but they offer rich targets for attackers. Gamers tend to reuse usernames and passwords across multiple platforms, from forums and storefronts to email accounts. Additionally, the exposure of IP logs or location-based data can be used for harassment, DDoS attacks, or social engineering. The reemergence of Blank Media Games data in public circulation reopens old risks, especially for users who never updated their credentials after the initial incident.

Hack Forums is a long-running online community focused on cybersecurity, hacking, coding, and underground digital culture. Its associated Wiki hosts how-to guides, tutorials, and forum-style content on topics ranging from benign scripting to questionable activities like social engineering or exploit deployment. A breach involving the Hack Forums Wiki presents an interesting paradox: a leak of data from a platform run by users who are, in theory, security-aware.

This type of breach doesn’t just compromise accounts, it may also have reputational consequences for its users. Many who contribute to these communities use pseudonyms, but account linkage through reused emails or password hashes could tie forum activity to real-world identities. Moreover, the leaked information could serve as a roadmap for attackers looking to exploit patterns of behaviour, post content, or vulnerabilities discussed on the Wiki itself.

mBox, little public information is available about this particular platform, but “mBox” likely refers to a communication or email-related service. It could be an internal tool, a webmail provider, or an archived message management service. The inclusion of mBox in a list of publicly leaked breaches highlights how even obscure platforms, many of which may no longer be in operation, can still expose user data long after active use.

Even with only email addresses and hashed passwords, breaches like these can still contribute to a broader threat landscape. Email addresses act as universal identifiers across the web, and hashes can still be cracked or used for matching against other databases. If mBox was connected to any sensitive or professional communications, the implications go deeper, especially for business users or those sharing access to team inboxes or archived communications.

TaskQue is a project management and productivity platform designed to help teams automate task assignments and streamline workflows. It competes in a crowded SaaS productivity space and is often used by small to medium sized businesses. A breach of TaskQue accounts, even if limited to basic credentials, poses risks both to user productivity and organisational security.

Given that TaskQue users may be linking their accounts to email systems, project files, and internal documents, compromised credentials can potentially lead to broader infiltration of business operations. The SaaS model typically stores cloud-based data that can include file attachments, project notes, and calendar entries, data which could be leveraged for phishing, extortion, or competitive intelligence gathering.

Additionally, SaaS users frequently connect multiple platforms through API integrations. One breached service, even with limited user data, can serve as an entry point for access to other business-critical applications.

The Risk of Minimal Data Types

Across all five breaches, only two types of data were leaked. This may seem like a minimal concern, but these two data points form the basis of most authentication systems online. The scale of exposure, over 19 million accounts, means this dataset can be used extensively for:
- Credential stuffing (trying leaked credentials across other services)
- Phishing attacks, particularly those targeting platform-specific users
- Identity linking across breaches, especially for reused usernames or passwords

The reappearance of older breaches in public forums, free from the friction of dark web transactions, brings a resurgence of risk for users who may assume they are no longer affected.

When Data Becomes Public

The fact that these breaches are freely available, not sold, not hidden, but indexed and openly shared, transforms the threat model. Attackers no longer need to invest in gaining access to datasets. The barriers to malicious use are reduced to nearly zero.

This openness also means that the same data can be used by multiple threat actors simultaneously, leading to:
- Increased success rates in account takeover attempts
- More targeted phishing at greater scale
- Faster weaponisation of compromised identities

Even if platforms have fixed the original vulnerabilities, and even if users have changed their credentials, the echo of a breach persists in ways that are not always visible or traceable.

Conclusion

This group of breaches demonstrates the ongoing lifecycle of data once it has been compromised. With millions of users affected, even the exposure of only two data types can have lasting effects, particularly as these datasets are republished, reindexed, and redistributed. From educational tools to niche forums, from gaming accounts to productivity platforms, every corner of the web now shares the same fundamental risk: once data is lost, it is lost forever.

  • Key Stats
  • BREACH EVENTS
    0
  • EXPOSED ACCOUNTS
    0
  • EXPOSED DATUM TYPES
    0