Global Security Trends
A prolific dark web trader has leaked what they claim to be 40 million user records from popular mobile app Wishbone. The individual who is known as “ShinyHunters” posted the data to RaidForums, claiming that, “since people are starting to resell wishbone we’ve decided to leak it for free.”.
ShinyHunters has been linked to multiple previous sales of breached data including Home Chef, which this week revealed that it had suffered a very serious cybersecurity incident thought to have affected millions of customers. Very popular with middle-class, Wishbone is an iOS and Android app which allows users to “compare anything.” The data breach highlights and indicates ongoing tension of the data and records breach syndrome that has been worrying industry players.
The trove of large data now available at the dark web includes names and house address, account usernames and passwords, email addresses, mobile numbers, gender, date-of-birth, Facebook and Twitter access tokens, MD5-hashed passwords and more and this could provide criminals with plenty of information to carry out follow-on phishing attacks, credential stuffing and more.
The tokenization and the securely encryption of the data could have helped Wishbone mitigate the impact of the breach to maximum
“Unfortunately, in this case the stolen data and records were all in MD5 format, a weak form of password hashing which can be decoded by malicious actors and therefore monetized through sale on hacking forums, and on the dark wen” he further explained.
The dark web is the World Wide Web content that exists on darknets, overlay networks that use the Internet but require specific software, configurations, or authorization to access. The dark web forms a small part of the deep web, the part of the web not indexed by web search engines
SwiftVet is your one-stop agency when it comes to background checks, investigative services, vetting and verification, drug testing services, intelligence support and risk management