Flash Alert: Wishbone app breach
May 21st, 2020
Subscribe to our blog and stay up to date
Executive summary: IntSights researchers have obtained the full database from the Wishbone app breach
On May 21st it was reported that Wishbone, a popular teen-focused social app, has been breached. The reports came after a threat actor offered the database from the breach for sale on a cybercrime market.
The seller offered the 40M credentials for a price of 0.85BTC (or roughly $8,000). The database contains full names, usernames, phone numbers, location, passwords and more. While the seller claims the passwords were hashed using SHA1, the passwords were actually hashed using MD5, a relatively easy to crack hashing function. Cracking MD5 hashed passwords can be done using freely available tools and can be done quickly if the victim used easy to guess passwords.
IntSights is currently in the process of analyzing and parsing the data. Organizations who have been affected by this breach will be notified.
Affected users are advised to change their password for Wishbone as well as any other service, site, or application where the same password was used in order to prevent credential stuffing attacks.
To see the IntSights External Threat Protection suite of solutions in action, schedule a live demo with a member of our team today.
Etay Maor is Chief Security Officer at IntSights. As CSO, Etay leads the security advisory practice at IntSights where he works with CISOs and other senior cybersecurity executives to develop risk management-based cybersecurity programs. Etay has extensive experience in cybersecurity having worked at IBM, Trusteer, and RSA. Etay holds a BA in Computer Science and a MA in Counter Terrorism and Cyber Terrorism and is currently a professor at Boston College.
Stay up to Date!
Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.