An attacker has offered on a criminal forum to sell the details of 40 million users who registered on the Wishbone app–an app that lets users compare items in a simple voting poll. The seller posted a sample of the stolen data which contains usernames, email addresses, phone numbers, location data, and also hashed passwords. The seller states that the passwords are hashed in the MD5 format. MD5 is a weaker hashing algorithm and can be easily cracked with free tools and minimal computing power. The data also includes Wishbone profile pictures. The data is being advertised on several forums for 0.85 bitcoin or about $8500. The person behind the forum ad, “Megadimarus,” is a data broker–a term used to describe a cyber-criminal who specializes in buying and selling breached data. According to ZDNET, this broker is selling databases from multiple other companies which suggests that this is not the same person who stole the data.
Binary Defense was contacted by an individual who was recently scammed out of $4,000 through