Executive summary: IntSights researchers have obtained the full database from the Wishbone app breach. Wishbone, an app popular among teenagers, has suffered a data breach, it has been revealed. The notification says that unknown individuals “may have had access” to the company’s API and used it to nab data on the service’s users. He has previously written news articles, device reviews and features for Mobile Choice UK website and magazine, as well as writing extensively for SC Magazine UK, Tech Radar, Indian Express, and Android Headlines. Or they can go directly after the user with phishing attacks," says Javvad Malik, Security Awareness Advocate at KnowBe4. Wishbone says that it has taken precautionary measures and has started an investigation into the matter. The app also ranks 42nd in the social app ranking on the Google Play Store. Note 1- A similar security breach took place on the app in March 2017 leaking details of more than 2.2 million user details to the dark web. Hackers managed to get inside a cryptocurrency …, Alphabet Inc-owned Google's $2.1 billion bid for fitness trackers company Fitbit could pose privacy risks, the European Data Protection Board (EDPB) warned on Thursday, adding its voice to other critics …, There are growing fears about the rise of cyberbullying and its impact on children. The data was being sold by Shiny Hunters online for 0.85 BTC (Rs. This trend suggests that many users whose records were compromised may not be active users of the app at present. Wishbone app which allows teenage girls to compare fashion, music, celebrity, and other instances, has made it official that a recent hack on its database could have leaked passwords of its 40 million users. Note 3- Google App store claims that the Wishbone app has been downloaded more than 8 million downloads. Unlike traditional face-to-face bullying, a bully can conceal their identity online and target their victims constantly without the limits of …. It doesn’t appear the company knows who is responsible for the data breach at this time. Wishbone was immensely popular back in 2018 when it featured among the top ten social networking apps on the Apple App Store but presently ranks 143rd. On May 21st it was reported that Wishbone, a popular teen-focused social app, has been breached. Most Dangerous Cyber Security Threats of 2017! Hackers can use the decrypted passwords to launch credential stuffing attacks on multiple digital platforms to exploit the fact that millions of netizens use the same passwords for multiple social media or e-commerce accounts. Earlier today, ZDNet revealed that hackers are now selling personal details of 40 million users of Wishbone on multiple dark web forums. "Cautionary stories like this one should encourage organizations to rethink not only their security measures and tools but also their processes in collecting, handling, and storing sensitive data, because data breach and theft can happen to anyone," he adds. Sign up for the free newsletter! An extensive amount of personal information including almost 10M unique email addresses alongside names, phone numbers geographic locations and other personal attributes were … "Even on apps and websites which may appear to have little valuable information, if attackers get hold of emails addresses and passwords, they can use those to try attacking other websites that the user is registered to with password stuffing. Wishbone, an app popular among teenagers, has suffered a data breach, it has been revealed. "It is why it's important that whenever a user is impacted by any breach from any website, one of the first steps they should take is changing their password on other services which may use the same password. Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security, © Copyright footer_current_date - Cybersecurity Insiders. And the app has also been topping the 50 popularly downloaded app on iOS App Store since 2018. Wishbone App Class Action Says Data Breach Affected 40M Users Follow Article. The data stolen by the hacking group contained usernames, emails, phone numbers, city/state/country, but also hashed passwords. ALSO READ: Over 129m records of Moscow car owners up for sale on the Dark Web. Companies and applications that feature in the hacker's list include Facebook, Epic Games, Dubsmash, Fotolog, Verifications.io, Evite.com, and Lexisnexis.com. Also the app has come under sharp criticism since its launch in 2015 as it helps children expose to online activities like Cyberbullying and exposure to inappropriate content such as X-rated stuff. Read the original article: Wishbone (2020) - 9,705,172 breached accountsIn January 2020, the mobile app to "compare anything" Wishbone suffered another data breach which followed their breach from 2016. The most concerning aspect of the data security incident is that millions of account passwords were protected by Wishbone using the MD5 algorithm which is fairly easy to crack when compared to SHA1. Click to share on Facebook (Opens in new window), Click to share on Twitter (Opens in new window), Click to share on LinkedIn (Opens in new window), Over 129m records of Moscow car owners up for sale on the Dark Web, Cyber-attack on South Korean cryptocurrency exchange compromises 30,000 customer accounts, EU privacy body warns of privacy risks in Google Fitbit deal, We don’t know the true extent of cyberbullying – and children need help in dealing with it, Capital One fined £61.3m by regulator for 2019 data breach, UNICEF exposed personal details of over 8,000 users in bulk email, Warwick University suffered multiple breaches due to poor security protocols, United Nations kept the massive 2019 data breach under wraps, Low-cost smart home camera maker Wyze leaked data of 2.4 million users, Hacker exploited loophole to cart away inventories of over 500 Fallout 76 players. Though Wishbone has yet to confirm the hack, Bleeping Computer independently verified the accuracy of much of the exposed data. Ransomware news headlines trending on Google, Top 5 PCI Compliance Mistakes and How to Avoid Them. Offered by Second Street Labs Inc, Wishbone is a highly popular social media application on both Google Play and iOS that lets millions of users compare any products across any category- be it fashion, celebrities, humor, music, or any genre of their liking. Wishbone was immensely popular back in 2018 when it featured among the top ten social networking apps on the Apple App Store but presently ranks 143rd. An analysis of the data samples shared by hackers on hacker forums revealed that users' account passwords are hashed using the obsolete MD5 encryption algorithm that can be cracked by novice hackers without much fuss. Also the app has come under sharp criticism since its launch in 2015 as it helps children expose to online activities like Cyberbullying and exposure to inappropriate content such as X-rated stuff. We sincerely apologize for any inconvenience this incident may have caused you. Cybersecurity Insiders has learned that the leaked data includes hashed passwords, age of users, emails, usernames, phone numbers, city and country names, and also some other details like user’s profile pictures. The reports came after a threat actor offered the database from the breach for sale on a cybercrime market. Since Wishbone allows users to connect via Facebook and Twitter social media accounts it also faces allegations of instantly accessing sensitive data about friends and relatives. Hackers may have managed to steal at least $1 million and information on thousands of customers from South Korea's largest etherium cryptocurrency exchange. Anyone who provided their birthday information for the account will also likely have had that data stolen, however the thieves did not acquire any account passwords or financial data. The samples also contained links to users' profile pictures, many of which were of minors. 5,84,000 approx). News is also out that the leaked data is available on some online forums for just 0.85 Bitcoins which accounts for $8000 in USD. A similar security breach took place on the app in March 2017 leaking details of more than 2.2 million user details to the dark web. Yahoo prepares to confirm rumors of extensive data breach, Huge Yahoo data breach confirmed: 500m accounts hit, Topps, maker of sports cards, discloses data breach. The app has a popular voting feature that lets users participate, interact with other users, and find out about what’s hot and what’s not. Users should also consider disconnecting Wishbone from their Facebook and Twitter accounts until it confirms the data breach and has taken action to remedy it. And the app has also been topping the 50 popularly downloaded app on iOS App Store since 2018. Mammoth Media is the owner of the Wishbone app and strives to entertain mobile-first generation. Releasing a press update, the company claims that it has launched an investigation on the leak and assured that it will share all epochal developments on the probe from time to time. The company informed its users of the intrusion in a notification recently, saying it became aware of the data swipe on March 14. The hacker behind the sale of data records stolen from Wishbone is in the business of selling massive troves of data stolen from digital platforms and applications that boast millions of users. Wishbone app was been hacked by Shiny Hunters and over 40 million user details were stolen. Though passwords weren’t taken, Wishbone is encouraging its users to change their passwords just to be safe. The company behind the Wishbone app faces a proposed class action centered on a data breach that compromised the personal information of more than 40 million users. The mobile application was hacked previously in 2017 but evidence suggests that user records being sold on Dark Web forums were not taken from the 2017 data breach. These details include names, email addresses, phone numbers, geographical locations, genders, social media profiles, and hashed account passwords of users. The company also suggests that security measures will be implemented to prevent such future events. Note 4- Mammoth Media is the owner of the Wishbone app and strives to entertain mobile-first generation. Google App store claims that the Wishbone app has been downloaded more than 8 million downloads. Maintaining the integrity of your personal information is extremely important to us. The other thing they should do is exercise heightened vigilance around emails which appear, particularly unexpected ones claiming to be from the company or an official body," he adds. The mobile application was hacked previously in 2017 but evidence suggests that user records being sold on Dark Web forums were not taken from the 2017 data breach. According to Mortherboard, the data breach resulted in about 2.2 million email addresses and names being taken, as well as 287,000 phone numbers.