Hacker Offers 40 Million Wishbone User Data for Sale

Security Checkers Security

Details of 40 million Wishbone users up for sale by a hacker. 

Wishbone, a popular mobile app that lets users compare two items in a simple voting poll, has suffered a data breach. A hacker has recently put the details of the app’s 40 million registered users up for sale online. Ads showing on multiple hacking forums offer the data for 0.85 bitcoin. 

The seller, which has since published a sample of the data, claims that the Wishbone database include user information like emails, usernames, phone numbers, city/state/country and hashed passwords. The seller also confirmed that they were able to obtain Wishbone profile pictures. URLs included in the data sample loaded images depicting minors, an age category the Wishbone app has always been historically popular. 

The seller confirmed that the Wishbone data was obtained earlier this year. User registration and last log in dates show timestamps dating to January 2020. Experts claim that the seller is currently selling databases containing more than 1.5 billion records from tens of other companies. 

Wishbone has been in the iOS App Store top 50 most popular social networking apps for years. On Google Play Store, it has been downloaded between 5 and 10 million times.