Hacker shares 40 million Wishbone user records for free
by Ecopirate - May 22, 2020 at 04:12 AM
#1
Note: The relevant RF post that the news story below is referring to is here:
https://raidforums.com/Thread-SELLING-Pr...-Databases

Hacker shares 40 million Wishbone user records for free
May 21, 2020

A hacker has leaked 40 million Wishbone user records that contain a treasure trove of information that could be used to perform phishing campaigns, account takeovers, and credential stuffing attacks. BleepingComputer has been able to independently confirm that the data is legitimate as it contains user records for people we know have used the app and who have confirmed the accuracy of the data.

Wishbone is a popular app for iOS and Android that allows users to create comparisons between two images that people can then vote on.
For weeks, BleepingComputer has been aware of a data breach broker selling an alleged database containing 40 million user records for the Wishbone app through private deals.
According to cyber intelligence firm Cyble, who shared this information with BleepingComputer, the database was circulating privately since March.
Yesterday, a different data breach seller publicly advertised the sale of the Wishbone database on a popular hacker forum where they were selling it for $8,000.

This seller told BleepingComputer in previous conversations that he collects, trades, and buys databases from data breaches and then sells them to others.
We were also told that this database was dumped at the end of January 2020.

Today, another data breach seller and competitor known as Shiny Hunters, decided to leak the entire database for free on the same hacker forum.
Shiny Hunters have been responsible for the sale of numerous data breaches, including one for Microsoft's private GitHub repository. Since then, some of these have been confirmed as data breaches by the affected companies.

We can expect to see tensions escalate between the two threat actors as both brokers are known to sell legitimate data.
This could lead to other private databases being leaked for free as each tries to spoil the other's sales.

What's in the database
Samples of the Wishbone database have been shared with BleepingComputer that unfortunately contains a great deal of data that can be useful to threat actors.
This exposed data includes usernames, email addresses, hashed MD5 passwords, mobile numbers, Facebook and Twitter access tokens, gender, date of birth, MD5, profile images, and much more.

A full list of the exposed information can be seen in the leaked table structure below:

uid,username,email,name,mobile_number,country_code,fbid,access_token,auth_token,ip,create_time,twitter_id,twitter_access_token,twitter_access_secret,gender,date_of_birth,password,image,follower_count,device_token,android_device_token,is_admin,timezone,displaying_post_date,is_device_active,shared_for_date,show_second_session_date,apple_idfa,google_advertiser_id,stickers_left,deleted_at,updated_at

BleepingComputer has contacted Wishbone with a sample of the data but has not received a response.
Unfortunately, this is typical for companies that we contact to notify of alleged data breaches. 

What should Wishbone users do now?
As some of the exposed data in this database file has been confirmed as accurate, it does appear to be a legitimate breach.
Due to this, out of an abundance of caution, I would suggest that all Wishbone users immediately change their passwords on the app.
If they have logged in via Facebook or Twitter, it is also suggested that you disconnect these apps from your Facebook account and Twitter accounts until it is confirmed if the data breach is real.

Finally, if you use your Wishbone password at other sites, you should change it there.
To check if your information was exposed in this database, you can check using Cyble's AmIBreached data breach lookup service.

Source: https://www.bleepingcomputer.com/news/se...-for-free/
#2
Do you just copy paste shit to get credits?
You do know this is still against the rules?
#3
this is really interesting, does anyone have a link to the full database?
This forum account is currently banned. Ban Length: 2 Weeks (1w, 1d, 1h remaining).
Ban Reason: Mass Leeching
#4
Hi Omnipotent,

Ooops, sorry. No I didn't know it was against the rules.
I stop posting now.

Best regards.
#5
How can I download the fille “̯ . Whay can any one send me the link ?

Tell me Please he say be 8 credits i dont have “̯ . Whay
#6
Interesting news....we have to wait for the leak
#7
(May 22, 2020 at 01:27 PM)BubbaGum Wrote: Interesting news....we have to wait for the leak

Are you being serious? ---->
https://raidforums.com/Announcement-Data...x-CLICK-ME
look at the bottom one
#8
The database is already up to grab
#9
this is really interesting, does anyone have a link to the full database?
#10
really interesting read Smile
#11
Been curious about this, have been taking a look at the stuff posted here since yesterday.
#12
(May 22, 2020 at 01:34 PM)Ashfanino Wrote:
(May 22, 2020 at 01:27 PM)BubbaGum Wrote: Interesting news....we have to wait for the leak

Are you being serious? ---->
https://raidforums.com/Announcement-Data...x-CLICK-ME
look at the bottom one


pretty sure bubbagum is a bot Biggrin

Possibly Related Threads…
Thread Author Replies Views Last Post
Wishbone Database MarketBud 0 248 May 06, 2021 at 10:46 AM
Last Post: MarketBud
DEEP WEB HACKER AT YOUR SERVICE administrator001 12 767 April 10, 2021 at 12:57 AM
Last Post: themanwithnoname
DEEP WEB HACKER AT YOUR SERVICE administrator001 14 843 March 15, 2021 at 06:14 AM
Last Post: Sku11

 Users browsing this thread: 3 Guest(s)