Wishbone Breach: Hacker Leaks Personal Data of 40 Million Users

Hackers have published online the personal data of 40 million users registered on Wishbone. The data included usernames, contact numbers, email addresses, Facebook and Twitter access tokens, DOBs, location, gender, and MD5 hashed passwords. Researchers have confirmed the authenticity of the data, which was found to be accurate and to belong to users of the app. Attackers could use it to carry out various malicious activities such as phishing campaigns, identity theft, credential stuffing attacks, and account takeovers.

Wishbone is a mobile survey app that provides users a social platform to compare social content. The app hasn’t disclosed its total user count in recent times. Wishbone has been listed as one of the top 50 most popular social networking apps in the iOS App Store for years now, also making it to the top 10 in its prime.

This breach is the second-largest security incident for the app in the last three years. Earlier, in 2017, hackers breached around 2.2 million email addresses and 287,000 phone numbers. It mainly contained kids’ personal details. However, the recent breach mainly consists of numbers belonging to young women.

According to the reports, the database had been circulating secretly since March and was put up for sale on dark web forums for thousands of dollars. Later, ‘ShinyHunters’, a dark web trader who allegedly leaked the data, stated that they would publish the data for free after individuals began reselling it.

While commenting on the matter, senior vice president of data security specialists comforte AG, Mark Bower said, “It looks like security and privacy have been an afterthought, not a matter of culture and software development process. If the passwords are hashed with MD5, then the users affected should be immediately making sure their ID’s and passwords aren’t used elsewhere with the same password. MD5 is a goner as far as security is concerned but used by mistaken developers unfamiliar with its security risks or using older code libraries using MD5. Hashed MD5 passwords aren’t difficult to brute force. The bigger issue here is the personal data though – so now attackers have a bunch more data for social engineering.”

Security experts have recommended that Wishbone users update or change their passwords and stay wary of any suspicious activity in their accounts.


Temp Mails (https://tempemail.co/) is a new free temporary email address service. This service provides you with random 10-minute email addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Radio.com users affected in data breach

An unknown number of people had their personal data exposed as hackers accessed database backup files

Entercom, the second-largest radio company in the United States, has announced that it suffered a cybersecurity incident related to its Radio.com domain. The company has found that in August 2019 an intruder accessed the company’s backup cloud database that contained sensitive user data, including possibly Social Security Numbers (SSNs) and driver’s license numbers. Entercom disclosed the breach by sending emails to the affected users and sharing it with the Office of the Attorney General of the State of California.

After suffering a cyberattack in September 2019, the company requested assistance from external computer forensic specialists to see what data had been compromised.

During the investigation, the team uncovered that an unknown party had accessed a third-party cloud hosting service the company uses to host information provided by their listeners. They zeroed in on a specific three-hour timeframe on August 4th, 2019, during which the hackers accessed a database with backup files containing the personal protected information of Radio.com users.


“Our investigation determined that the impacted database backup files contained, and the unauthorized actor may have accessed, the following types of your personal information: name, Social Security number, and driver’s license number,” said Entercom.

The login credentials of Radio.com users were also compromised. The company kept mum on how many of its users were actually affected, although it did confirm that it was aware of the number. The radio giant gave assurances that it takes the breach seriously and is implementing a wide range of measures to prevent any such breaches in the future:

“We have taken and continue to take steps to prevent this type of incident from happening in the future, including by implementing password rotations, enabling multifactor authentication and stronger password policies for all cloud services, enhancing and broadening auditing based on best practices advised by third party experts, configuring alerts for certain behaviors using the relevant platforms, and providing additional training to staff on data security,” the company said in its statement, adding that it notified regulatory authorities about the breach as well.

Entercom also strongly encouraged its customers to take preventive measures as well such as changing their password for the service. Users who recycle their login details across multiple online accounts should change their passwords for the other services as well.

The company also offered access to 12 months of complimentary credit monitoring and identity theft restoration services at no cost to users.



Amer Owaida



600,000 people affected in email provider breach

The users’ personal data are now up for grabs on the dark web for anywhere between US$3,500 and US$22,000 worth of bitcoin

The personal details of more than 600,000 Email.it users have been stolen and put up for sale on the dark web. The incident surfaced on Sunday after the perpetrators took to Twitter to spread the word about the website that sells the data.

“Unfortunately, we must confirm that we have suffered a hacker attack,” confirmed the Italian email provider in a statement to ZDNet, which broke the story.

The hacker collective that claimed responsibility goes by the moniker “No Name”, or “NN” for short. The group said that the breach occurred way back in January 2018. They went on to claim on their website that they contacted Email.it about loopholes in the firm’s infrastructure and asked for a “little bounty”, but the Italian email provider refused to communicate with them.

Another message on their website stated that they tried to extort the company on February 1st of this year. An Email.it spokesperson confirmed as much, but the company refused to play ball and contacted the authorities instead.

According to the hackers’ claims, they now have control of 46 databases that contain plain text passwords, email content, and email attachments of users who signed up for a free Email.it account between 2007 and 2020.


The collective additionally claimed that it was able to access plain text SMS messages that were sent out using the company’s text sending service, as well as get a hold of the source code of all of Email.it’s web apps.

On the bright side, no financial data were stored on the hacked servers, nor were any business accounts impacted by the breach.

As of now, the affected servers should be patched and the relevant authorities, including the local data privacy regulator, have been notified.

The incident may bring echoes of an unrelated attack at a US-based email provider VFEmail last year, where the bad actors went even further and wiped out almost two decades’ worth of data from the firm’s servers.



Amer Owaida



Financial and Customer Info being Exposed in Slickwraps Data Breach


Slickwraps, a mobile device case retailer that specializes in designing and assembling the most precision-fitted phone cases in the world, has suffered a major data breach that exposed the personal information of employees, including their API credentials, resumes and much more.

In January 2020, a security researcher named Lynx attempted to gain access to Slickwraps’s systems. He acquired full access to the company’s website by exploiting a path traversal vulnerability in a script the company uses for customizing cases.

After exploiting the vulnerability, Lynx emailed the company about it. Upon receiving no response to those emails, he decided to publicly disclose the vulnerability, how he exploited it to gain access to the systems, and the data that was compromised.

Giving insights into the incident, Lynx said that the vulnerability allowed them to access 9GB of personal customer data that included employee resumes, customers’ pictures, API credentials, and the ZenDesk ticketing system, along with more sensitive data such as hashed passwords, transactions, and contact-related information.

As per the reports, multiple attempts by Lynx to report the data breaches to Slickwraps were blocked by the company, even though Lynx made it clear that they didn’t want any bounty and were just trying to get Slickwraps to publicly disclose the breach.

In a post made by Lynx on Medium, he stated, “They had no interest in accepting security advice from me. They simply blocked and ignored me.”

While accepting the shortcomings of the company in terms of user security, Jonathan Endicott, Slickwraps CEO, apologized for the data breach and said, “There is nothing we value higher than trust from our users. In fact, our entire business model is dependent on building long-term trust with customers that keep coming back.”

“We are reaching out to you because we’ve made a mistake in violation of that trust. On February 21st, we discovered information in some of our production databases was mistakenly made public via an exploit. During this time, the databases were accessed by an unauthorized party.”

“Upon finding out about the public user data, we took immediate action to secure it by closing any database in question. As an additional security measure, we recommend that you reset your Slickwraps account password. Again, no passwords were compromised, but we recommend this as a standard safety measure. Finally, please be watchful for any phishing attempts.”

“We are deeply sorry about this oversight. We promise to learn from this mistake and will make improvements going forward. This will include enhancing our security processes, improving the communication of security guidelines to all Slickwraps employees, and making more of our user-requested security features our top priority in the coming months. We are also partnering with a third-party cybersecurity firm to audit and improve our security protocols.”

“More details will follow and we appreciate your patience during this process,” the statement further read.



SoPo Nonprofit Told, Unknown Number of Clients Affected by Data Breach

A South Australian company, PSL Services, also known as Peregrine Corporation, which is involved in the operation of service stations, convenience retail outlets and tobacconists, recently disclosed a data breach to Mainebiz.

The company, administered from its head office in Kensington Park, South Australia, said that personal data of its employees, including their names, email accounts, and some medical information, along with other sensitive information, may have been accessed illegally between December 16 and December 19, 2019. Other information accessed without authorization includes addresses, DOBs, driving license numbers, Social Security numbers and identifying numbers of clients for participation in MaineCare.

The corporation has not speculated as to who is behind the breach of its confidential data. However, officials said in an email that the criminal behind the incident may have been trying to force the agency into sending funds electronically, which it did not do.

After the incident, the company was subjected to back-to-back investigations, and it refused to specify the number of employees affected. PSL did not provide other details regarding the incident, such as whether the individuals were clients, employees, family members or others. As per some news releases, PSL came to know about the breach on 17th December after some suspicious activity was observed in an employee’s email account, and it immediately reported the same to its information services department.

The corporation said that it had “notified the Office of Civil Rights at U.S. Department of Health and Human Services, the Maine Attorney General, and prominent news media outlets throughout the state of Maine.”

According to Lori Sanville, executive director, “The contents of a small number of email accounts were exposed.”

“The number is unknown until the data mining is completed. We will then contact anyone affected.”

Regarding the same incident, PSL also contracted with a cybersecurity vendor to further investigate the matter and come up with security measures, as per Sanville. In addition, she told Mainebiz, “We want our clients and the community to know that we take this matter very seriously and that we remain committed to assisting our clients first and foremost.”



MGM Resorts data breach exposes details of 10.6 million guests

A number of celebrities, government officials and tech CEOs were also caught up in the incident

The personal information of more than 10.6 million former guests of MGM Resorts hotels has been leaked on a hacking forum. The data dump contained a range of Personally Identifiable Information (PII), including full names, home addresses, phone numbers, emails, and birth dates, according to an exclusive ZDNet report.

The list of victims includes celebrities, CEOs of tech companies, well-known reporters, and government officials. Justin Bieber and Twitter CEO Jack Dorsey are both known to be among the high-profile victims.

An MGM spokesperson confirmed for the tech site that the leaked information comes from a data breach that occurred sometime in July last year: “Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts.”

The spokesperson went on to add that the company was confident that no financial, payment card or password data were leaked in the data dump.

The casino and hotel giant also stated that it takes this breach seriously and that it’s beefing up its security to prevent any such incidents in the future: “At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again.”

The data were verified by ZDNet with the help of a security researcher from a data breach monitoring service called Under the Breach.

The hotel guests who were affected by the breach were notified by the hotel chain in August, with some posting about it on a message board aimed at the city’s visitors.

MGM Resorts said that the stolen information is old, a claim that could be backed by the fact that none of the contacted guests have stayed at the hotel past 2017.

The leaked information could be a gold mine for bad actors since it includes the personal details of many potential high-profile targets. The data can be used for spearphishing campaigns or for SIM swapping attacks, a technique used to hack into Jack Dorsey’s Twitter account last year.

Hotel chains are no strangers to large-scale data breaches, which can, in many cases, haunt businesses for years. The MGM leak appears small compared to the Marriott Starwood data breach, which affected hundreds of millions of people. The Trump Hotel Collection and the InterContinental Hotels Group also suffered similar incidents in the past few years.



Amer Owaida



Facebook Data Breach: API Security Risks

In 2018, Facebook disclosed a massive data breach, after which the company faced a lawsuit along with allegations of not properly securing its user data. The breach directly affected the authentication tokens of nearly 30 million of its users, which led to the filing of several class-action complaints in a San Francisco appeals court. In the wake of the incident, Facebook pledged to strengthen its security.

A feature known as “View As”, which was employed by developers to render user pages, was exploited by hackers to get access to user tokens. The theft of these tokens is associated with a major and growing API security risk, and it also indicates how API risks can go unnoticed for a long time. The trend toward digital upgrades has further pushed the adoption of continuous integration and continuous delivery (CI/CD), which are closely related concepts but are sometimes used interchangeably. The main purpose of continuous delivery is to ensure that deploying new code takes the least possible effort. It enables DevOps teams to maintain a constant flow of software updates, speeding up release cycles and reducing the risks related to development.

Conventionally, developers worked on the parts of an application one at a time and then manually merged the code. The process was isolated and time-consuming, and it led to duplicated coding effort. However, as the IT ecosystem embraced the new CI/CD model, which sped up the development process while ensuring early detection of bugs, almost all of the security has been commercialized by major infrastructure providers, namely Microsoft and Amazon. The commodities offered include authorization, container protection and encryption of data. Similarly, security components of first-generation firewalls and gateways, like protection against distributed denial-of-service (DDoS) attacks, also form part of the infrastructure.

When it comes to navigating and communicating, especially through an unfamiliar space, APIs are a powerful tool with great flexibility in their framework. However, the same qualities also make APIs vulnerable.

Giving insights into the major IT risk posed by APIs, Terry Ray, chief security officer for Imperva, said, “APIs represent a mushrooming security risk because they expose multiple avenues for hackers to try to access a company’s data.”

“To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications.”

The API threat is basically rooted in a lack of visibility. Subra Kumaraswamy, the former head of product security at Apigee, an API security vendor owned by Google, put the risk into perspective: “When you have visibility into your APIs throughout your organization, you can then put controls in place.”

“You might decide that a certain API should only be exposed to in-house developers, not external, third-party ones. If you don’t have visibility, you can’t see who is accessing what.”

Labeling authorization and improper asset management as areas of key concern, Yalon said, “Authorization mechanisms are complex because they are not implemented in one place, but in many different components like configuration files, code, and API gateways.”

“Even though this sometimes may look like simple housekeeping, having a very clear understanding of the APIs, with well-maintained inventory, and documentation (we whole-heartedly recommend Open API Specification) is very critical in the world of APIs,” he further said.

