BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Hacker Swipes Data On 40 Million Users Of Popular Wishbone App

From: Destry Winant <destry () riskbasedsecurity com>
Date: Tue, 26 May 2020 09:17:21 -0500
https://www.forbes.com/sites/leemathews/2020/05/22/40-million-wishbone-accounts-hacked/#7d673fab385f

Personal data from some 40 million users of the popular voting app
Wishbone was swiped during a breach earlier this year. Now the hacker
who claims responsibility is giving that data away for free.

It’s the second major incident in the past three years for Wishbone.
In 2017, hackers made off with 2.2 million email addresses and nearly
300,000 cell numbers.

A great number of those belonged to young women. Documents that leaked
around the same time revealed that upwards of 70% of Wishbone’s users
were under 18.

That had parents and privacy advocates bristling, and that lightning
may very well strike twice. This new breach impacts nearly 20 times
more users and includes far more data on each and every one.

ZDNet’s Catalin Cimpanu reports that the hacked data includes
usernames, emails, phone numbers, and location information. It also
includes hashed passwords.

While the fact that passwords were not stored in plain text is good
news, Cimpanu says those he examined were hashed using the MD5
algorithm. MD 5 was declared “cryptographically broken” by experts all
the way back in 2010.

A moderately-complex password hashed with MD5 could be cracked in 30
minutes or less. That’s not great news for these 40 million users.

It’s a safe bet that some percentage of them used the same password
with other apps or websites. Password fatigue continues to lead many
down the slippery slope of password re-use.

Email address and password pairs stolen in this breach could now be
used to break in to those users’ other accounts.

That’s particularly alarming given Cimpanu’s most recent update. The
hacker who stole the data was originally selling it for $8,000. Now
it’s being given away on hacking forums.
_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange
Previous By Date Next
Previous By Thread Next

Current thread: