Wishbone (2020)

Have I Been PwnedConfirmed breachAdded May 28, 2020Occurred January 27, 20209,705,172 accountswishbone.ioAll Wishbone (2020) breaches →

What was exposed

Auth tokensDates of birthEmail addressesGendersGeographic locationsIP addressesNamesPasswordsPhone numbersProfile photosSocial media profilesUsernames

What to do if you were affected

Change your password for this account, and anywhere you reused it. Turn on two-factor authentication.
Expect more phishing and spam at this address. Treat messages that reference this company with extra caution.
Watch for text-message phishing and SIM-swap attempts on your phone number.
Be wary of targeted scams that use your personal details to sound convincing.

Details

In January 2020, the mobile app to "compare anything" Wishbone suffered another data breach which followed their breach from 2016. An extensive amount of personal information including almost 10M unique email addresses alongside names, phone numbers geographic locations and other personal attributes were leaked online and extensively redistributed. Passwords stored as unsalted MD5 hashes were also included in the breach.

Frequently asked questions

What is the Wishbone (2020) data breach?

When did the data breach happen?

This data breach occurred around January 2020.

How many accounts were affected?

Around 9,705,172 accounts were affected.

What information was exposed?

Exposed data included Auth tokens, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names and Passwords.

What should I do if I was affected?

Change your password for this account, and anywhere you reused it. Turn on two-factor authentication. Expect more phishing and spam at this address. Treat messages that reference this company with extra caution. Watch for text-message phishing and SIM-swap attempts on your phone number. Be wary of targeted scams that use your personal details to sound convincing.

View on source ↗

Related breaches