Personal data of 40 million Wishbone app users hacked


San Francisco, May 23 (IANS): Personal data from nearly 40 million users of popular voting app Wishbone has been hacked which is available for free download on a hacking forum.

The Wishbone user database has been leaked in full, according to a ZDNet report, and a hacker known as ShinyHunters has taken credit for the hacking.

Earlier, the data was being offered for 0.85 bitcoin ($8,000) on the Dark Web.

The data contains usernames, emails, phone numbers, city/state/country and hashed passwords.

"The data also included links to Wishbone profile pictures. URLs included in the sample data loaded images depicting minors, an age category the Wishbone app has always been historically popular," according to the report.

The passwords were not stored in plain text but hashed using the MD5 algorithm.

MD 5 was declared "cryptographically broken" by the experts in 2010.

A moderately-complex password hashed with MD5 could be cracked in 30 minutes or less.

ShinyHunters is currently selling databases from tens of other companies, totaling more than 1.5 billion records.

The companies include online dating app Zoosk, US newspaper Star Tribune and food delivery service Chef that contains over 73 million user records over the Dark Web for $18,000 (nearly Rs 13.6 lakh) .

Other companies are printing service Chatbooks, South Korean fashion platform SocialShare, online marketplace Minted, online newspaper Chronicle of Higher Education, South Korean furniture magazine GGuMim, health magazine Mindful and Indonesia online store Bhinneka.

ShinyHunters is the same group behind breaching private repositories on Microsoft-owned GitHub (the hacker is believed to have acquired around 1,200 private repositories) and Tokopedia, Indonesia's largest online store where a database of over 90 million user records was sold.

  

Top Stories


Leave a Comment

Title: Personal data of 40 million Wishbone app users hacked



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.