San Francisco, May 23 (IANS)
Personal data from nearly 40 million users of popular voting app Wishbone has been hacked which is available for free download on a hacking forum.
The Wishbone user database has been leaked in full, according to a
ZDNet report, and a hacker known as ShinyHunters has taken credit for the hacking.
Earlier, the data was being offered for 0.85 bitcoin ($8,000) on the Dark Web.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More The data contains usernames, emails, phone numbers, city/state/country and
hashed passwords.
"The data also included links to Wishbone profile pictures. URLs included in the sample data loaded images depicting minors, an age category the Wishbone app has always been historically popular," according to the report.
The passwords were not stored in plain text but hashed using the
MD5 algorithm.
MD 5 was declared "cryptographically broken" by the experts in 2010.
A moderately-complex password hashed with MD5 could be cracked in 30 minutes or less.
ShinyHunters is currently selling databases from tens of other companies, totaling more than 1.5 billion records.
The companies include online dating app Zoosk, US newspaper Star Tribune and food delivery service Chef that contains over 73 million user records over the Dark Web for $18,000 (nearly Rs 13.6 lakh) .
Other companies are printing service Chatbooks, South Korean fashion platform SocialShare, online marketplace Minted, online newspaper Chronicle of Higher Education, South Korean furniture magazine GGuMim, health magazine Mindful and Indonesia online store Bhinneka.
ShinyHunters is the same group behind breaching private repositories on Microsoft-owned
GitHub (the hacker is believed to have acquired around 1,200 private repositories) and Tokopedia, Indonesia's largest online store where a database of over 90 million user records was sold.
On May 20, our team became aware of a security issue where we believe an unauthorized individual may have had access to Wishbone’s database through stolen credentials. Personal information for some of our users was compromised. No financial or other sensitive information was involved. We have since invalidated any current access methods to user information and updated keys accordingly, and we've also ensured that all employees or services which require access use cybersecurity approved multi-factor authentication or similar methods. Across the board, we are implementing stronger security and encryption of personal information to ensure the safety of all of our users’ data. We value our users' privacy and deeply regret that this has happened. 
Next Story
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
Catan adds climate change to the latest edition of the world-famous board game
Tired of blatant misinformation in the media? This video game can help you and your family fight fake news!
Tired of blatant misinformation in the media? This video game can help you and your family fight fake news!
JNK India IPO allotment – How to check allotment, GMP, listing date and more
Indian Army unveils selfie point at Hombotingla Pass ahead of 25th anniversary of Kargil Vijay Diwas
