Wishbone hack - data of 40 million users up for sale

Profile details being sold for thousands of dollars

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A database of 40 million users of the popular Wishbone application has been put for sale on the dark web.

ZDNet discovered Wishbone user accounts were available on underground forums for 0.85 bitcoin - currently around $8000. The popular mobile app allows users to compare two or more items in voting polls.

The hacking attempt appears to have taken place earlier this year, with the criminals able to get access to details including usernames, emails, phone numbers, city/state/country and hashed passwords.

Since Wishbone is popular among children, the presence of personally identifiable details like profile pictures and profiles URLs may pose a serious threat to their safety.

Wishbone hack

Wishbone hack

In a prepared statement, Mammoth Media, the parent company of Wishbone, stated, “Protecting data is of the utmost importance. We are investigating this matter and will share any significant developments.”

According to the report, the passwords were not encrypted properly and were stored in a weak MD5 hashing format. Unlike SHA1 hashing, passwords stored in MD5 format can be easily cracked with the help of various tools freely available on the Internet.

Experts believe the poster may be a reseller or a broker who is looking to make money by reselling the data. Apart from Wishbone, the hacker has also put databases of other companies up for sale, with over 1.5 billion records available, many of which from companies which reported a data breach in the recent past.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Wishbone was previously attacked in 2017, when hackers were able to steal the data of over 2.2 million users. However, the sample data shared by the hacker in this instance did not match any listed online, seemingly confirming this is a new hack.

Via:ZDNet

Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

This super-cheap HP Victus 15 gaming laptop just dropped to its lowest price yet