NewsHacker uploads 40 million Wishbone user data online for free

Hacker uploads 40 million Wishbone user data online for free

If you purchase via links on our reader-supported site, we may receive affiliate commissions.
Incogni Black Friday Ad

A hacking incident has occurred which has led to this hacker giving out 40 million user data records from the Wishbone app platform. These hacked data containing sensitive information that has been verified to be authentic can be used for account takeover, data padding, and phishing campaigns.

The digital landscape is fraught with security risks, and social media platforms are no exception. A recent hacking incident involving Wishbone, a popular mobile app, has exposed the sensitive data of a staggering 40 million users.

This breach highlights the importance of robust data security practices and serves as a cautionary tale for users and app developers alike.

READ ALSO: 16 Best Protection Tools Against Hackers [100% WORKING]

Wishbone: A Platform for Choice

Wishbone, available on both Android and iOS, allows users to create polls or comparisons between two items, ranging from music tracks and fashion trends to smartphones, gaming consoles, and even celebrity faces.

Users then vote on their preferences, fostering a sense of engagement and community within the app. This format, particularly popular among younger demographics, makes Wishbone user data valuable to cybercriminals.

The Breach: Exposed Data and Potential Consequences

The hacking group ShinnyHunters has claimed responsibility for the Wishbone breach. Initially, they attempted to sell the stolen data (including records from January 2020) for a fee on dark web marketplaces.

However, in a concerning turn of events, they have now made the entire dataset available for free. This move could exacerbate the situation, potentially leading to a surge in attacks fueled by other malicious actors vying for dominance in the cybercrime underworld.

READ ALSO: How To Be The Number One Hacker In The World

What Was Exposed In Wishbone Data Breach?

The compromised Wishbone user data consists of sensitive information that can be exploited for nefarious purposes. Here's a breakdown of the exposed details, according to security firm Cyble:

  • Email Addresses: A fundamental component for user identification and potential phishing attacks.
  • Hashed Passwords (MD5): Though hashed (scrambled) for basic protection, the use of the MD5 algorithm raises concerns. MD5 hashing is considered less secure compared to stronger hashing functions like SHA-256.
  • Social Media Tokens: These tokens can be used to gain unauthorized access to social media accounts linked to Wishbone profiles.
  • Profile Images: While seemingly innocuous, profile images can be used for social engineering scams or identity theft attempts.
  • Personal Information: This includes date of birth, contact addresses, mobile numbers, usernames, and gender. This information can be used for targeted attacks or sold on the dark web.

A History of Hacking and the MD5 vs. SHA-1 Debate

This is not Wishbone's first brush with a data breach. A previous incident in 2017 raised questions about the platform's security practices.

Furthermore, the use of MD5 hashing for passwords, even though ShinnyHunters claim they were SHA-1 hashed, reignites the debate about password security best practices. MD5 hashing is more susceptible to brute-force attacks compared to SHA-1, which is generally considered more secure.

However, even SHA-1 is no longer considered the strongest hashing algorithm, with SHA-256 being the current industry standard.

READ ALSO: How To Become A Certified Ethical Hacker

Recommendations for Users and Developers

In the wake of this breach, several recommendations can be made:


  • Strengthen Passwords: Move away from simple passwords. Use a combination of uppercase and lowercase letters, numbers, symbols, and special characters. Consider a password manager to generate and manage complex passwords for all your online accounts.
  • Beware of Phishing Attempts: Be cautious of unsolicited emails or messages, even those seemingly coming from Wishbone. Do not click on suspicious links or attachments.
  • Monitor Accounts: Keep an eye on your Wishbone account for any unusual activity. Consider enabling two-factor authentication for added security.


  • Prioritize Data Security: Implement robust data security practices, including using strong hashing algorithms (like SHA-256) for password storage.
  • Regular Security Audits: Conduct regular security audits to identify and address vulnerabilities in your systems.
  • Transparency and Communication: Be transparent with users about data breaches and the steps being taken to address them.

Wishbone Data Breach: FAQs

Did Wishbone Get Hacked?

Yes, Wishbone unfortunately suffered a data breach that exposed the personal information of millions of users. A hacking group called ShinnyHunters claimed responsibility and released the stolen data, which reportedly includes email addresses, hashed passwords, social media tokens, profile images, and personal details like date of birth and phone numbers.

What Happens in a Data Breach?

A data breach occurs when unauthorized individuals gain access to a system or database containing sensitive user information. This information can then be used for various criminal activities.

In the case of Wishbone, the exposed data could be used to target users with phishing emails, steal their online identities, or even blackmail them.

Here are some additional steps you can take to protect yourself:

  • Change Your Password: If you use the same password for Wishbone and other online accounts, change it immediately. Create a strong password with a combination of uppercase and lowercase letters, numbers, and symbols. Consider using a password manager to generate and manage complex passwords.
  • Beware of Phishing Attempts: Phishing emails or messages may try to trick you into revealing personal information or clicking on malicious links. Be cautious of any emails or messages, even those claiming to be from Wishbone, and never click on suspicious links or attachments.
  • Monitor Your Accounts: Keep an eye on your Wishbone account and other online accounts for any unusual activity. Consider enabling two-factor authentication for added security.

Conclusion: Lessons Learned and the Road Ahead

The Wishbone data breach serves as a stark reminder of the ever-present threat of cyberattacks. By implementing robust security measures, both users and app developers can create a safer online environment.

Users should prioritize strong passwords and be wary of phishing attempts. Developers, on the other hand, must prioritize data security by employing best practices and maintaining a culture of transparency with their user base.

Note: This was initially published in May 2020 but has been updated for freshness and accuracy.


About the Author:

fiorella salazar
Cybersecurity Expert at SecureBlitz

Fiorella Salazar is a cybersecurity expert, digital privacy advocate, and VPN evangelist based in Canada. She holds an M.Sc. in Cybersecurity from a Canadian university. She is an avid researcher and frequent contributor to several cybersecurity journals and magazines. Her mission is to raise awareness about the importance of digital privacy and the benefits of using a VPN. She is the go-to source for reliable, up-to-date information on VPNs and digital privacy.

Editor at SecureBlitz | Website

Christian Schmitz is a professional journalist and editor at He has a keen eye for the ever-changing cybersecurity industry and is passionate about spreading awareness of the industry's latest trends. Before joining SecureBlitz, Christian worked as a journalist for a local community newspaper in Nuremberg. Through his years of experience, Christian has developed a sharp eye for detail, an acute understanding of the cybersecurity industry, and an unwavering commitment to delivering accurate and up-to-date information.


Heimdal Security ad
cyberghost vpn ad
mcafee ad


Please enter your comment!
Please enter your name here