Wishbone app: Hacker sells data to 40 million users

A hacker has set towards data sales of 40 million users of the Wishbone application. It's a popular mobile app, which allows them users to compare two elements with a simple vote.

Ο hacker advertises stolen data in many hacking forums. Their price is 0,85 bitcoin (. $ 8000).

According to the seller, Wishbone's user data includes user information, such as usernames, e-mail, phone numbers, city / state / country, but also hashed codes access.

The hacker claims that the passwords are on SHA1 format, although a sample examined contained passwords to MD5.

The MD5 is a weak one password hashing format, which can break and reveal real codes access in plain text. This can be done even with tools available for free at Internet.

The data also included links that led to profile pictures in Wishbone. The URLs included in the data samples include: photos depicting minors.

Η Hacking attack on the Wishbone application took place earlier this year

The seller claims that the data of the Wishbone application was obtained through a hacking attack, which took place earlier this year. Based on the published data, this claim is rather true.

It is not clear, however, whether the person has put all of them advertisements in hacking forums is the real hacker.

The person behind the ads is what security researchers call it “Data broker”. In other words, he is the one who specializes in purchase and resale of breached databases in hacking forums and dark world wide web markets.

According to the ads, the specific criminal seems to be selling databases from dozens of other companies (total over 1,5 billion files).

Most of the databases come from Companies who have reported violations in previous years. Wishbone had fallen victim attack and in 2017, when a hacker stole data from 2,2 million users.

However, the data sample found now does not include data from it infringement This confirms that these are new infringed accounts and therefore a new Wishbone hack.

Wishbone has not disclosed the total number of users in recent years. However, the application is located on 50 most popular social networking applications in the iOS App Store for years. In 2018, it was among the 10 most popular apps. In the Google Play Store, the app has 5 to 10 million downloads.