Wishbone Breach: Hacker Leaks Personal Data of 40 Million Users – Disposable mail news

Personal data of 40 million users registered on Wishbone has been published online by hackers, it included user details like usernames, contact numbers, email addresses, Facebook and Twitter access tokens, DOBs, location, gender, and MD5 hashed passwords. Researchers have confirmed the authenticity of the data that has found to be accurate – belonging to the users who have used the app. It could be used by attackers to carry out various malicious activities such as phishing campaigns, identify thefts, credential stuffing attacks, and account takeovers.

Wishbone is a mobile survey app that provides users a social platform to compare social content, the app hasn’t disclosed its total user count in recent times, Wishbone has been enlisted as one of top 50 most popular social networking apps in iOS App Store for years now, also making it to the top 10 in its prime.

This breach came as the second-largest security incident in the last three years for the app, earlier in 2017, hackers breached around 2.2 million email addresses and 287,000 phone numbers. It mainly contained kids’ personal details. However, the recent breach mainly consists of numbers belonging to young women.

According to the reports, the database was circulating secretly since March, it has been put up for sale on dark web forums for thousands of dollars. Later, ‘ShinyHunters’, a dark web trader who allegedly leaked the data, stated that they will be publishing the data for free after individuals began reselling it.

While commenting on the matter, senior vice president of data security specialists comforte AG, Mark Bower said, “It looks like security and privacy have been an afterthought, not a matter of culture and software development process. If the passwords are hashed with MD5, then the users affected should be immediately making sure their ID’s and passwords aren’t used elsewhere with the same password. MD5 is a goner as far as security is concerned but used by mistaken developers unfamiliar with its security risks or using older code libraries using MD5. Hashed MD5 passwords aren’t difficult to brute force. The bigger issue here is the personal data though – so now attackers have a bunch more data for social engineering.”

Security experts have recommended Wishbone users to update or change their passwords and stay wary of any suspicious activity in their account.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Latest Research Reports Prices of Your Documents on the Dark Web – Disposable mail news


Atlas VPN did a new study based on Flash Intelligence Research findings from 2017-2019. The research has revealed the costs of essential goods and services on the dark web. For instance, the Social Security Numbers, which are now out of date and insecure as they are no longer in use, especially after the 2018 Equifax Hack, they are still widely used as a primary proof of identification confirmation. Hackers tend to attack websites that can generate millions of SSNs at once so that all the data is vulnerable to hackers.

Therefore, with millions of SSNs in the open, they are sold up to $4 on the dark web. According to Flashpoint, the following services are available on the dark web along with the SSNs.

These services are divided into four types:

  •  Hacker Services
  •  Forged Documents 
  • Personal Identifiable Information (PII) 
  • Stolen Financial Information 

The PII (personally identifiable information) package, in addition to the SSN for $4, has the victim’s Name, Passport No, Driver’s License Details, and email id. However, access to Stolen Financial Information costs much more than SSN. According to Atlas VPN, credit cards up to $5k balance costs $10, whereas discredited bank accounts with savings more than $10000 cost $25.

Note: The price also depends on the victim’s savings. If the savings go higher, the cost to obtain the details also goes higher. It is because of victims with high credit score accounts are less risky to attack as their banks won’t notice it and won’t cut it off.

Forged documents top the list in the prices. Physical passports are sold for $3k-$5k on the dark web. According to other reports, a 1-hour DDoS (Distributed Denial of Service allows the servers to shut down or stop working )attack on any bank or government website costs around $165.

How to prevent yourself? 

It is a bit difficult to prevent such attacks, but the users can always follow some rules to secure their account information. These are:

  •  Secure your devices with a password; a pin would be better.
  •  Avoid using public wifis while browsing or downloading apps. 
  • Use 2 step verification


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Website Puts 12 Billion User Records Up For Sale and Gets Seized By US Authorities – Disposable mail news

Are you fond of buying stolen’/leaked data? Because, one such domain, named ‘WeLeakInfo.com’ recently got seized by the US authorities.

WeLeakInfo, with its absolutely convenient name, had been selling stolen data from other hacked websites, online for the past three years.

The website provided an online service where hacked data was made available to people willing to pay for it.

Per sources, hackers were made available people’s “cleartext passwords” which aided them to purchase a subscription on the site in order to attain access to tons of user credentials.

Apparently, this illegal website was doing so well that it had gotten quite a popular fan-base for itself in the hacking “underworld”.

Reportedly, people were even providing them with consignments to execute recon on targeted individuals and organizations alike.

The modus operandi was in the way, that hackers would buy access to the site. They’d then search for names, emails and usernames of people they want to hack. The site would come up with results in the affirmative as to in which data breaches exactly were the required user’s data available.

The hackers would then have complete access to people’s passwords which they could easily run against that person’s other online profiles as well.

The cost of the website was incredibly low making it easily accessible to all sorts of hackers of all sorts of abilities and financial attributes.

Reportedly, for a lowly amount of $2/day hackers could fully wring the website for unlimited searches for any user’s data which was ever in a data breach.

During the silence before the storm period, WeLeakInfo was proudly flaunting on its website its expanded network of over 12 billion user records owing it to more than 10,000 data breaches, reports mentioned.

The storm hit and WeLeakInfo got taken down together by FBI, authorities from the Netherlands, Northern Ireland, the UK, and Germany.
Also, per sources, two arrests were made in the Netherlands and Northern Ireland each. Reportedly, the arrested suspects are allegedly staff members of the site.

After the US authorities took down “LeakedSource” in February 2017, “WeLeakInfo happens to be the second most major website to go down the same drain.

There still exist several websites that are providing people access to stolen data especially cleartext password, as you read this.

Per sources, similar websites, allegedly by the name of “Detached”, “Leak-Lookup” and “Sunbase” have been created on the model of a website “Have I Been Pwned” which is a website created by Australian researchers, per reports.

The model of the three websites and “Have I Been Pwned” may be the same but the latter never permits access to cleartext passwords.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.