U.S. authorities charged four men on Wednesday, including two officers at Russia?s spy agency, with the Yahoo Inc. hacks that compromised the personal data of hundreds of millions of users, including the accounts of U.S. and Russian officials, business leaders and journalists. Photo: AP.
THE private details of at least 1000 Australians have been exposed by hackers who have cracked the security of an app that is a favourite with teenage girls.
Hackers have stolen a Wishbone app database containing more than 2.2 million email addresses, mobile phone numbers, full names, gender and birth dates and have circulating them on the internet.
Australian security researcher Troy Hunt, who runs the well-known hacking warning site Have I Been Pwned, this week was alerted to the presence of the database being circulated.
Science Inc, the makers of the app, issued a statement to Motherboard that “the vulnerability has been rectified”, indicating that the security flaw that let the hackers in has been fixed although the information is now out there.
Mr Hunt told News Corp Australia that there was at least 995 records where either the number begins with +61 or the email ends with a com.au, indicating that they are Australians.
“Of course there’ll be a lot more Aussie data in there due to the fact that so many of us use Gmail, Outlook etc and have .com email addresses,” he said.
The Wishbone app lets users vote on what they think is the best option in a choice of two things, with topics including celebrities, fads, fashion, humour and music.
The Kids Privacy blog calls Wishbone “mindless fun” and compares it with “flipping through a US magazine at a doctor’s office”. The biggest user group of Wishbone is teenage girls.
RJ Gazarek, product manager at password protection firm Thycotic, called it a “very dangerous breach”.
“I urge every parent to check with their child to determine if they’ve used this app. Look through the settings of any other app they are using and see if any personal information is stored in them. If it is, try to remove the information, or remove the app all together,” he said.
“While a breach like this reminds us of the dangers the internet can bring, it’s important for parents to teach their kids about safe internet habits on an ongoing basis.
“While the internet has brought us many great treasures, it’s availability on smartphones, tablets, laptops, and gaming devices makes the exposure and use of the internet nearly impossible to avoid.
“Whether a child uses an app on their smartphone, a computer at school, or borrows a friends phone to play around on, the dangers are there and it’s important to teach kids how vital it is never to put any personal information into these apps.”
Nathan Wenzler, chief security strategist at AsTech security company, said identify theft was “
incredibly problematic”, particularly for teenagers who had a “what’s the big deal?” approach to the problem.
“Parents must help their children understand why protecting their identity is important, especially before they’ve reached adulthood and will be opening back accounts, credit lines and applying for loans,” he said.
“Not sharing personal information when asked for it, using strong passwords and changing them on a regular basis, and learning to monitor for strange activity or new accounts being opened in their names are all important concepts that should be taught.”
Mr Wenzler urged parents to perform online searches periodically to see it their children’s information has been exposed online.
Have I been Pawned lets you identify whether an email address is among the hundreds of billions that have been caught up in known security breaches.