Wishbone Breach: 40 Million Records Leaked on Dark Web
Dark web trader ShinyHunters has leaked an alleged 40 million user records stolen from the mobile app Wishbone, stating that they had decided to leak the data for free after individuals started to resell it. Cybersecurity vendor Cyble reported the massive data breach, which marks ongoing tension in the cybercrime community. The data was previously for sale for thousands of dollars on dark web forums.
ShinyHunters is a prolific group that has been linked to previous stolen data sales including that of Home Chef, which announced earlier this week that it had been targeted by a cyberattack affecting millions of customers. Wishbone is a popular youth app for iOS and Android. The user data extracted and for sale includes dates of birth, Facebook and Twitter access tokens, MD5 hashed passwords, usernames, email addresses, mobile numbers, and more. This comprehensive data could potentially provide threat actors with sufficient information to conduct phishing attacks, credential stuffing, and others.