On Wednesday 19 October 2016, the British Council became aware of a possible data breach from our vocabulary learning app, MyWordBook. Since then we have established that there has been an illegal attack on the server used to support the app and that customer data was stolen. The data consisted of email addresses, encrypted passwords and information about vocabulary learning progress within the app. 

No financial data was stolen as this is not stored on the app server – all purchases within the app are handled by the Apple and Google Play app stores. 

No other British Council websites or apps have been affected. We are now carrying out internal investigations to understand fully how this breach occurred and what additional procedures we can put in place to ensure user safety. The MyWordBook app has been temporarily removed from the app stores while investigations are under way.

If you are a registered user of the MyWordBook app, we are very sorry that you have been inconvenienced.

One thing you should do to increase your online security is change your password for other accounts.

If you have used the same or a similar password and email address as you used for MyWordBook on any other sites or mobile apps, we strongly advise you to change those passwords immediately.

We strongly encourage you never to reuse passwords.

LATEST UPDATE: 2/11/2016 MYWORDBOOK SERVER REMOVED

In order to continue the investigation into this incident, we have identified a need to remove the MyWordBook server from the internet.

What this means for you:

While the server is offline, you will be able to continue to use MyWordbook as usual except that 

  1. you will not be able to download new word packs 
  2. you will not be able to share new words with friends 
  3. you will not be able to change your MyWordBook password
  4. if you have created new words or shared words with friends, you may receive a message saying ‘Unable to connect to the Internet’. You can ignore this – it does not affect your use of the MyWordBook app.

FREQUENTLY ASKED QUESTIONS (FAQS)

What is MyWordBook?

MyWordBook is a mobile app for learning English vocabulary.

What data WAS LOST?

The data consisted of your email address, encrypted password and information about your vocabulary learning progress on the app. No financial information has been lost as no financial data was stored on the app server. All purchases within the app are handled by the Apple App Store or Google Play. 

Was the data that was stolen encrypted? 

All passwords were encrypted on the server but email addresses and information about your learning progress were not.

For the technically minded, the passwords were hashed and salted using the high-security bCrypt function.

Now that I’ve changed my password, can you guarantee that my data is safe?

Unfortunately, no site can give you a cast-iron guarantee of this. We have fixed the problem and together with asking you to reset your password, we think this makes MyWorkBook users as safe as we can make them.

YOU TOLD ME TO CHANGE MY PASSWORD BUT I HAVE DELETED THE APP AND I CAN'T FIND IT ANYMORE IN THE APP STORE. WHAT DO I DO?

The MyWordBook app has been temporarily removed from the app stores while investigations are under way so you won’t be able to find it right now. However, if you have used the same password for other websites, apps or services, we strongly recommend you change those passwords.

I WOULD LIKE TO REMOVE MY ACCOUNT FROM THE APP.

While the investigation is still going on, the app is temporarily removed from the app stores and no changes are possible while the app is removed.

We will update the FAQs when we have more information.

If you have any additional questions, please submit them here. Your questions will help inform future FAQs.