Today, hackers have published information about the 40 million registered users of the popular mobile app- Wishbone; which allows users to compare two elements with a simple vote.
The data was advertised on several hacker forums and sold at 0.85 bitcoin.
Based on the vendor ’s statement and the choice of data published on the Internet, Wishbone data includes user information such as user name, email, phone number, city/state / country, and hashed password.
The hacker claims that the password is in SHA1 format; however, the samples reviewed today by news sources shows the password in MD5.
Wishbone hack took place earlier this year
The seller claims that the Wishbone application data was obtained through a hacker attack that occurred earlier this year. The user records and latest login date included in the Wishbone app sample data confirm this statement, and all timestamps are related to January 2020.
However, it is unclear whether the person who posted all the ads on the hacking forum is a real hacker.
The person behind the forum announcement is what a security researcher calls a “data broker”. This is a cybercriminal who specializes in buying and selling pirated databases in the name of cybercriminals.
From the Ads seen online, the threat entity is currently selling databases of dozens of other companies, totaling more than 1.5 billion records.
We accept emails from users of today’s sample data and check them on the “I ’ve Been To” website; which allows users to check whether their emails were part of the previous hacking attacks.
However, because “I am a private user” allows users to hide their emails from public searches; we also checked these emails on a private platform managed by KELA Threat Intelligence, which also indexed and tracked data leaked in older breaches.
All the accounts included in the general sample today were not in the Wishbone breach in 2017; which proves that these are new accounts, which is a new breach.
The company said: “Data protection is essential.” “We are investigating this issue and will share any significant progress.”