Home / Hacking / Hacker Swipes Data On 40 Million Users Of Popular Wishbone App – Forbes

Hacker Swipes Data On 40 Million Users Of Popular Wishbone App – Forbes

Personal data from some 40 million users of the popular voting app Wishbone was swiped during a breach earlier this year. Now the hacker who claims responsibility is giving that data away for free.

It’s the second major incident in the past three years for Wishbone. In 2017, hackers made off with 2.2 million email addresses and nearly 300,000 cell numbers.

A great number of those belonged to young women. Documents that leaked around the same time revealed that upwards of 70% of Wishbone’s users were under 18.

That had parents and privacy advocates bristling, and that lightning may very well strike twice. This new breach impacts nearly 20 times more users and includes far more data on each and every one.

ZDNet’s Catalin Cimpanu reports that the hacked data includes usernames, emails, phone numbers, and location information. It also includes hashed passwords.

While the fact that passwords were not stored in plain text is good news, Cimpanu says those he examined were hashed using the MD5 algorithm. MD 5 was declared “cryptographically broken” by experts all the way back in 2010.

A moderately-complex password hashed with MD5 could be cracked in 30 minutes or less. That’s not great news for these 40 million users.

It’s a safe bet that some percentage of them used the same password with other apps or websites. Password fatigue continues to lead many down the slippery slope of password re-use.

Email address and password pairs stolen in this breach could now be used to break in to those users’ other accounts.

That’s particularly alarming given Cimpanu’s most recent update. The hacker who stole the data was originally selling it for $8,000. Now it’s being given away on hacking forums.

Mammoth Media, the company behind the Wishbone app, has been contacted regarding this incident. This post will be update with its response.


Source link

About

Check Also

Parler Hack Claims Are Fake, CEO Says: 'They Are Just Obsessed With Us' – Newsweek

The CEO of Parler, a social media platform popular with conservatives, has denied viral claims …