ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Wishbone (2020) Data Breach

wishbone.io
Significant exposure
Verified breach Passwords exposed
Accounts exposed 9,705,172
Breach date 27 Jan 2020
Added to tracker 28 May 2020
Data classes 12

What happened

In January 2020, the mobile app to "compare anything" Wishbone suffered another data breach which followed their breach from 2016. An extensive amount of personal information including almost 10M unique email addresses alongside names, phone numbers geographic locations and other personal attributes were leaked online and extensively redistributed. Passwords stored as unsalted MD5 hashes were also included in the breach.

Exposed data

Auth tokens Dates of birth Email addresses Genders Geographic locations IP addresses Names Passwords Phone numbers Profile photos Social media profiles Usernames

Recommended actions

  • Change your Wishbone (2020) password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Wishbone (2020) — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP