Cyber security news for all

More

    Hackers have sold 40 million user registration data for the popular Wishbone app

    Today, hackers have published information about the 40 million registered users of the popular mobile app- Wishbone; which allows users to compare two elements with a simple vote.

    The data was advertised on several hacker forums and sold at 0.85 bitcoin.

    Based on the vendor ’s statement and the choice of data published on the Internet, Wishbone data includes user information such as user name, email, phone number, city/state / country, and hashed password.

    The hacker claims that the password is in SHA1 format; however, the samples reviewed today by news sources shows the password in MD5.

    Wishbone hack took place earlier this year

    The seller claims that the Wishbone application data was obtained through a hacker attack that occurred earlier this year. The user records and latest login date included in the Wishbone app sample data confirm this statement, and all timestamps are related to January 2020.

    However, it is unclear whether the person who posted all the ads on the hacking forum is a real hacker.

    The person behind the forum announcement is what a security researcher calls a “data broker”. This is a cybercriminal who specializes in buying and selling pirated databases in the name of cybercriminals.

    From the Ads seen online, the threat entity is currently selling databases of dozens of other companies, totaling more than 1.5 billion records.

    wishbone

    We accept emails from users of today’s sample data and check them on the “I ’ve Been To” website; which allows users to check whether their emails were part of the previous hacking attacks.

     

    However, because “I am a private user” allows users to hide their emails from public searches; we also checked these emails on a private platform managed by KELA Threat Intelligence, which also indexed and tracked data leaked in older breaches.

     

    All the accounts included in the general sample today were not in the Wishbone breach in 2017; which proves that these are new accounts, which is a new breach.

    The company said: “Data protection is essential.” “We are investigating this issue and will share any significant progress.”

     

    Recent Articles

    Related Stories