On Wednesday 19 October, the British Council became aware of a possible data breach from our vocabulary learning app, MyWordBook. Since then we have established that there has been an illegal attack on the server used to support the app and that customer data was stolen. The data consisted of email addresses, encrypted passwords and information about vocabulary learning progress within the app.
No financial data was stolen as this is not stored on the app server – all purchases within the app are handled by the Apple and Google Play app stores.
No other British Council websites or apps have been affected. We are now carrying out internal investigations to understand fully how this breach occurred and what additional procedures we can put in place to ensure user safety. The MyWordBook app has been temporarily removed from the app stores while investigations are under way.
If you are a registered user of the MyWordBook app, we are very sorry that you have been inconvenienced.
One thing you should do to increase your online security is change your password for other accounts.
If you have used the same or a similar password and email address as you used for MyWordBook on any other sites or mobile apps, we strongly advise you to change those passwords immediately.
We strongly encourage you never to reuse passwords.
LATEST UPDATE: 2/11/2016 MYWORDBOOK SERVER REMOVED
In order to continue the investigation into this incident, we have identified a need to remove the MyWordBook server from the internet.
What this means for you:
While the server is offline, you will be able to continue to use MyWordbook as usual except that
- you will not be able to download new word packs
- you will not be able to share new words with friends
- you will not be able to change your MyWordBook password
- if you have created new words or shared words with friends, you may receive a message saying ‘Unable to connect to the Internet’. You can ignore this – it does not affect your use of the MyWordBook app.