SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
16 Mar 2017

Popular teen quiz app Wishbone has been hacked

Hackers have stolen 2.2 million email addresses and 287,000 cellphone numbers from Wishbone users, many of whom are young women under the age of 18.

A popular social networking app that allows users to create and vote on simple two-choice quizzes lost millions of users records, including more than 2 million email addresses and full names, and almost 300,000 cellphone numbers.

Unknown hackers apparently found an unprotected database for the app Wishbone and stole its contents, which are now circulating on the internet's undergrounds, according to Troy Hunt, a security researcher who runs the well-known breach notification website "Have I Been Pwned?". Earlier this week, Hunt received what appeared to be a copy of a MongoDB database belonging to Wishbone. The database contained a treasure trove of Wishbone users' data, including 2,326,452 full names, 2,247,314 unique email addresses, 287,502 cellphone numbers, and other users' personal data such as birthdates and gender.

Users can sign up for Wishbone without providing any information—so the hacked database doesn't contain identifying information for all the affected users. However, Hunt said he was able to verify that the leaked data is legitimate because he confirmed the existence of more than a dozen leaked accounts through the app's API.

Science Inc., the tech incubator that owns the app confirmed the breach on Wednesday in a statement emailed, saying hackers "may have had access to an API without authorization." "The vulnerability has been rectified," Science Inc's co-founder and general counsel Greg Gilman wrote in the email.

Gilman said Wishbone sent users a notification disclosing the incident, apologizing for the leak and promising to continue to investigate the matter. Wishbone was launched by Michael Jones, the founder of Science Inc., and former CEO of MySpace, in 2015. (Jones did not respond to a request for comment.)

The app has since become extremely popular with bored teenagers who can vote on user-created polls such as who's better between Nicki Minaj and Lady Gaga, whether they are a serious or playful selfie taker, and what they prefer between partying or staying home and do homework. The app is in the top 10 most popular social networking apps for iPhones in the US, according to App Annie, and has between one million and 5 million downloads on Google Play.

The app is used by a lot of teenagers and young adults, mostly female, according to what Jones said in an interview last year. In fact, almost 70% of users in a sample of 200 leaked accounts were under 18 years old. Given that, and considering that in some instances the leak exposed the full name, birthdate, gender, email address and cellphone number of underage girls and boys, this is a serious data breach that could put the victims in danger not only of identity theft or spam.

"I'd be worried about the potential for kids to abuse the data," Hunt told in an online chat. "There's a lot of young people in there and finding, say, young females and being able to contact them by phone is a worry." On Wednesday afternoon, Hunt added the Wishbone data breach to his service, "Have I Been Pwned," and sent out alerts to its subscribers.

Tags:
information leaks hackers USA
Source:
Motherboard
1951
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015