[UPDATE] Official Statement From Wishbone: 'Implementing Stronger Security and Encryption'

UPDATE: Wishbone reaches Tech Times regarding the previous article about data breach linked to the Wishbone app. Here's the official statement of the company:

On May 20, our team became aware of a security issue where we believe an unauthorized individual may have had access to Wishbone's database through stolen credentials. Personal information for some of our users was compromised. No financial or other sensitive information was involved. We have since invalidated any current access methods to user information and updated keys accordingly, and we've also ensured that all employees or services which require access use cybersecurity approved multi-factor authentication or similar methods. Across the board, we are implementing stronger security and encryption of personal information to ensure the safety of all of our users' data. We value our users' privacy and deeply regret that this has happened.

Wishbone, a social polling app made by Mammoth Media, reportedly experienced a massive data breach. The company did not yet confirm the hacking, but it turns out that approximately 40 million of its users are now exposed to different online selling platforms. An exclusive report tells us that hackers of the app are now selling the profiles of Wishbone's users for a total price of $8,000.

For $8,000, you can now buy 40 million hacked profiles

The sale includes the passwords for each account in Wishbone. And surprisingly, they are not even encrypted properly.

ZDNet was intrigued by the hacker's claim that the passwords were in SHA1 format. But when they accessed the said passwords, they were found with MD5 format only, which can easily be cracked even by a normal person that knows technology.

It was not identified whether the exact seller of the data was the main hacker of Wishbone. But ZDNet thinks that the seller is only a "data broker," which specializes in selling and buying hacked items-- not part of the exact hacking business.

Wishbone may not be safe to use after all

Mammoth Media has not yet confirmed the said recent hacking on their app. But it turns out that this news may not be as shocking as it could be.

A group of advertisers under the Digital Advertising Accountability Program (DAAP) investigates the app, and its another affiliate called Yarn. According to them, the apps allegedly collect data of their users through their promoted ads.

"In Mammoth Media's case, "technical analysis revealed the collection of user data - including precise location data - by third parties for advertising purposes." But clear disclosure of those activities and requests for consent were not found," written on the report.

As of now, Mammoth Media spokesperson said that the company is now investigating the said sale and complaints regarding the app's safety.

"Protecting data is of the utmost importance," the company said. "We are investigating this matter and will share any significant developments."

ALSO READ: [HACKER] 773 Million Email Addresses and 21 Million Passwords Hacked; Google Chrome to Have More Intuitive Security Privacy Controls

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags:Hack
Join the Discussion
Real Time Analytics