Popular teen social app Wishbone hacked

Popular teen social networking app Wishbone was hacked, according to a report today from Motherboard. Now, millions of email addresses and thousands of cell phone numbers are circulating the internet, many of them from kids under 18.

Wishbone is one of the top 10 most popular social networking apps for iPhone in the US, according to analyst firm App Annie. It lets users vote on pop culture-based questions like whether they prefer Dominos or Pizza Hut, whether they prefer eyeshadow or eyeliner, or which Kendall Jenner outfit they like best. After picking a side, they get to see how their friends voted. Hackers apparently accessed the app’s database through an unprotected API and took an estimated 2.2 million email addresses and over 287,000 cellphone numbers, along with personal information like birthdates and gender. No passwords or financial information were stolen, Wishbone said.

Wishbone owner Science Inc. told Motherboard the security hole is now fixed, and offered an apology to users in the following statement:

We value your privacy and deeply regret that this incident occurred. Maintaining the integrity of your personal information is extremely important to us. We sincerely apologize for any inconvenience this incident may have caused you. We are continuing to investigate this matter and have taken and will continue to take appropriate action to prevent future similar incidents. Please be assured that we will keep you informed of any developments in the investigation that may be of importance to you.

Via: TechCrunch

Source: Motherboard

Engadget RSS Feed

Apple patches three zero-day exploits after activist is hacked

Apple has rolled out a patch for three previously unknown zero-day exploits that were used to hack into the iPhone 6 of Ahmed Mansoor, an award-winning human rights activist based in the United Arab Emirates. Security company Lookout and internet watchdog group Citizen Lab investigated the attack on Mansoor’s iPhone and found it to be the product of NSO Group, a “cyber war” organization based in Israel that’s responsible for distributing a powerful, government-exclusive spyware product called Pegasus.

The hack took advantage of three zero-day exploits that allowed the attackers to jailbreak Mansoor’s iPhone and install spyware to track his movements, record his WhatsApp and Viber calls, log his messages and access his microphone and camera. Given the high cost of iPhone zero-days and the use of a government-specific spyware product, Citizen Lab believes the UAE is behind the hack. The UAE has previously targeted Mansoor.

“We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find,” Citizen Lab writes.

Once Citizen Lab discovered the zero-days, it contacted Apple and says the company responded promptly. Apple released a software update today, iOS 9.3.5, that addresses the three flaws.

Source: Citizen Lab, Apple, Lookout

Engadget RSS Feed