Show vulnerabilities with patch / with exploit
21 May 2020

Personal data of 40 million Wishbone users available for sale on hacking forums


Personal data of 40 million Wishbone users available for sale on hacking forums

Personal information of 40 million users registered on Wishbone, a mobile application for comparing social content most popular among teens, are being sold on multiple hacking forums for 0.85 bitcoin (~$8,000), ZDNet has found.

According to the seller’s ads posted online, the Wishbone data includes user information such as usernames, emails, phone numbers, city/state/country, as well as hashed passwords.

ZDNet analysed a publicly available sample of the data and found that the information also included links to Wishbone profile pictures depicting minors.

According to the database seller, the info was obtained as a result of a breach that happened earlier this year.

“User registration and last login dates included in the Wishbone data sample appear to confirm this statement, with all timestamps dating to January 2020,” ZDNet wrote.

It was not clear whether the exact seller of the data was the main hacker behind the Wishbone breach. However, it is possible that the seller is only a "data broker," a person who specializes in acquiring and reselling hacked databases on underground forums.

According to ZDNet, this seller is also offering databases from numerous companies, including Facebook, Epic Games, Dubsmash, and Verifications.io, which in total include more than 1.5 billion records.

The developer of the Wishbone app, Mammoth Media, is currently investigating the issue, a company spokesperson told ZDNet.


Back to the list

Latest Posts

REvil ransomware group announces its first ever stolen data auction

REvil ransomware group announces its first ever stolen data auction

REvil ransomware operators escalate their extortion tactics.
3 June 2020
Apple fixes recent iPhone “unc0ver” jailbreak flaw

Apple fixes recent iPhone “unc0ver” jailbreak flaw

The vendor issued the security patches less than a week after the hackers have released jailbreak tool called “Unc0ver”.
3 June 2020
DopplePaymer ransomware operators leak NASA-related files allegedly stolen from DMI

DopplePaymer ransomware operators leak NASA-related files allegedly stolen from DMI

The gang says it breached the network of one of NASA IT contractors.
3 June 2020
Featured vulnerabilities
MitM attack in GnuTLS
Medium Patched | 04 Jun, 2020
Spoofing attack in Docker
Medium Patched | 03 Jun, 2020
Information disclosure in GitLab
Medium Patched | 03 Jun, 2020
Multiple vulnerabilities in Google Chrome
High Patched | 03 Jun, 2020
Privilege escalation in ABB Central Licensing System
Medium Not Patched | 03 Jun, 2020