Wishbone Breach: Hacker Leaks Personal Data of 40 Million Users – Disposable mail news

Personal data of 40 million users registered on Wishbone has been published online by hackers, it included user details like usernames, contact numbers, email addresses, Facebook and Twitter access tokens, DOBs, location, gender, and MD5 hashed passwords. Researchers have confirmed the authenticity of the data that has found to be accurate – belonging to the users who have used the app. It could be used by attackers to carry out various malicious activities such as phishing campaigns, identify thefts, credential stuffing attacks, and account takeovers.

Wishbone is a mobile survey app that provides users a social platform to compare social content, the app hasn’t disclosed its total user count in recent times, Wishbone has been enlisted as one of top 50 most popular social networking apps in iOS App Store for years now, also making it to the top 10 in its prime.

This breach came as the second-largest security incident in the last three years for the app, earlier in 2017, hackers breached around 2.2 million email addresses and 287,000 phone numbers. It mainly contained kids’ personal details. However, the recent breach mainly consists of numbers belonging to young women.

According to the reports, the database was circulating secretly since March, it has been put up for sale on dark web forums for thousands of dollars. Later, ‘ShinyHunters’, a dark web trader who allegedly leaked the data, stated that they will be publishing the data for free after individuals began reselling it.

While commenting on the matter, senior vice president of data security specialists comforte AG, Mark Bower said, “It looks like security and privacy have been an afterthought, not a matter of culture and software development process. If the passwords are hashed with MD5, then the users affected should be immediately making sure their ID’s and passwords aren’t used elsewhere with the same password. MD5 is a goner as far as security is concerned but used by mistaken developers unfamiliar with its security risks or using older code libraries using MD5. Hashed MD5 passwords aren’t difficult to brute force. The bigger issue here is the personal data though – so now attackers have a bunch more data for social engineering.”

Security experts have recommended Wishbone users to update or change their passwords and stay wary of any suspicious activity in their account.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Co-founder of Qiwi Solonin provided Durov a loan of $17 million – Disposable mail news

Sergey Solonin, one of the founders of the Russian payment service Qiwi Group, decided to re-loan his investment in the blockchain project of Pavel Durov, the founder of Telegram and Vk, Telegram Open Network (TON), giving him a loan. In 2018, he invested $17 million in this project.

Recall that in 2018, the co-founder of Qiwi invested $17 million in TON. At that time, 175 investors participated in the project, who invested a total of $1.7 billion. The founder of the blockchain project stated that any project based on TON developments or using this name will not be related to Telegram.

On May 12, Durov announced the closure of the TON blockchain platform project and the Gram cryptocurrency blaming the American court. The TON blockchain platform was supposed to start working in October 2019, but then the U.S. Securities and Exchange Commission (SEC) initiated legal proceedings, demanding to recognize that the Gram cryptocurrency is securities, and therefore could not be registered in a simplified form, according to American law. Due to litigation, the launch of TON was postponed several times.

Before closing the project, Durov offered investors based outside the United States two options for choosing: to withdraw 72% of the funds invested in TON and Gram or to receive 110% of the originally invested amount by April 30, 2021. Only one option was offered to US residents – to return 72% of investments.

“Most of the investors with whom I spoke will take 72% of the initial investment,” said Durov.
“I decided to re-loan his investment. Pavel has a smart team, I hope they will come up with something,” said Mr. Solonin.

Solonin expects that the Telegram founder will be able to find new sources of income or a way to finance the company further within a year.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Apple’s Plan to Pay $500 Million to Settle Lawsuit Over ‘Secretly Throttling’ Older iPhones Gets Preliminary Approval

Apple in March agreed to pay $500 million to settle a class action lawsuit that accused the company of “secretly throttling” older iPhone models, and now the settlement has been preliminarily approved by a judge.


According to Law360, U.S. District Judge Edward J. Davila in a Zoom hearing provided preliminary approval but said that he wants to extend the final approval deadlines due to the ongoing health crisis. Apple’s lawyers have been instructed to propose a new date for a settlement approval hearing that will take place sometime in December.

If the settlement is approved, it will put an end to dozens of lawsuits that were levied against Apple and ultimately consolidated into one class-action suit in May 2018. The lawsuits were filed against Apple after Apple confirmed that it introduced software to throttle the maximum performance of some older ‌iPhone‌ models with chemically aged batteries no longer capable of supporting full power to prevent these devices from shutting down unexpectedly.

Apple 2017 released iOS 10.2.1 with performance management software that had the throttling built in, but made little mention of the change in the software’s release notes. The throttling was discovered by Primate Labs founder John Poole when he noticed lower than expected benchmark scores, and there was a major public outcry after it was discovered Apple was limiting performance.

Apple apologized for its lack of communication and ultimately launched a battery repair program that dropped the price of battery replacements to $29 through the end of 2018. Because the throttling kicks in when an ‌iPhone‌ has a degraded battery, a battery replacement effectively fixes the issue.

Apple in iOS 11.3 introduced a new feature that allows users to see the current health of their batteries, and it turned off the performance management feature by default until an unexpected shutdown occurs. Though agreeing to settle the case, Apple has maintained that it did nothing wrong legally.

If approved, the settlement will provide every affected ‌iPhone‌ user in the class with $25. The amount could increase or decrease somewhat depending on legal fees and the aggregate value of the approved claims. If the payouts, attorney fees, and expenses don’t add up to at least $310 million, class members could receive up to $500 apiece until that minimum is reached.

Apple has email addresses for most class members, so attorneys for both sides believe there will be a high claims rate.

The lawsuit includes all former or current U.S. ‌iPhone‌ owners that have the ‌iPhone‌ 6, 6 Plus, 6s, 6s Plus, 7, 7 Plus, and SE, running either iOS 10.2.1 or later or iOS 11.2 or later, and who ran these versions of iOS prior to December 21, 2017.

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Data of 9 million customers of the Russian courier service CDEK leaked – Disposable mail news

Data belonging to nine million customers of the CDEC Express transportation service was put up for sale on the Web for 70 thousand rubles ($950). This is the largest leak of personal data in Russian delivery services

Telegram channel In4security noticed that the database contains information about the delivery and location of goods and information about buyers, including Tax Identification Numbers. The seller of the database sent the author of the Telegram channel screenshots dated May 8, 2020. This indicates that the databases are fresh.

The CDEC claims that there was no data leak from the company. As the representative of the service stressed, personal data is collected by many companies, including state aggregators, the leak could have occurred on any of these resources.

Andrey Arsentiev, Head of Analytics and Special Projects at InfoWatch Group of Companies, said that this is the largest leak of personal data from Russian delivery services. He notes that the information of CDEC users is not leaked for the first time: previously, customers of the delivery service complained that personal data of other people is visible on the company’s website due to vulnerabilities.

Head of Security Department of SearchInform Alex Drozd warned that after leaks there are always calls from scammers. They call the victim and introduce themselves as company employees and try to find out information about billing information.

The interest of fraudsters in the data of courier services may be associated with an increase in demand for their services during the coronavirus pandemic and self-isolation.
The company also recalled that recently, cases of detection of fraudulent sites that act on behalf of CDEC have become more frequent.

It should be noted that in recent weeks, there has been an increase in phishing sites: online cinemas, online stores, training courses, legal advice, government portals.  Earlier, Disposable mail news reported that Russia has bypassed the USA in hosting for phishing resources.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Over 160 million user records put up for sale on the dark web – 10 minute mail

Eleven companies, ranging from online marketplaces to news websites, have had their user databases poached

More than 164 million user records stolen from almost a dozen companies have been put up for sale on the dark web in recent days. The data trove is being peddled by a cybercriminal collective going by the name Shiny Hunters for a combined asking price of some US$23,100.

The cache includes 91 million user records stolen from Tokopedia, Indonesia’s largest online store, and offered for sale in early May. In a later development, multiple cyber-threat intelligence companies told BleepingComputer that Shiny Hunters have started uploading records from new data breaches.

The new records include data pilfered from home meal kit delivery service HomeChef, photo print service Chatbooks, and college-oriented news website chronicle.com. The data runs the gamut and includes names, phone numbers, email addresses, password hashes, social media access tokens and a range of Personally Identifiable Information. The hacker group did not discriminate, and the full list comprises data from 11 companies based in various parts of the world, notably Asia and the United States:

  • Tokopedia, 91 million records for US$5,000
  • Homechef, 8 million records for US$2,500
  • Bhinneka, 2 million records for US$1,200
  • Minted, 5 million records for US$2,500
  • Styleshare, 6 million records for US$2,700
  • Ggumim, 2 million records for US$1,300
  • Mindful, 2 million records for US$1,300
  • StarTribune, 1 million records for US$1,100
  • Chatbooks, 15 million records for US$3,500
  • The Chronicle of Higher Education, 3 million records for US$1,500
  • Zoosk, 30 million records for US$500

Chatbooks, one of the victims has already notified its users about the data breach; the other affected companies should follow suit soon, since they have been notified about the breaches to their systems.

RELATED READING: Cybercrime black markets: Dark web services and their prices

If you are a user of any of these services, you should immediately change your passwords. To add an extra layer of security, consider turning on two-factor authentication if the websites offer such an option. Perhaps auditing the security of your other accounts is in order as well, especially if you tend to recycle your passwords.

Meanwhile, Shiny Hunters have also claimed responsibility for allegedly hacking Microsoft’s GitHub accounts, threatening to release the reportedly stolen private projects. The Redmond giant has yet to confirm or deny if their GitHub account has been breached, although an unnamed Microsoft employee did actually confirm that the data was genuine.



Amer Owaida


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Apple Awards $10 Million to COVID-19 Testing Kit Maker From Advanced Manufacturing Fund

Apple has announced it is awarding $10 million from its Advanced Manufacturing Fund to COPAN Diagnostics, a market leader in sample collection kits that play a critical role in COVID-19 testing across the United States.


The funding aims to allow COPAN to rapidly accelerate the supply of sample collection kits for hospitals across the U.S., expanding production from several thousand today to more than one million kits per week by early July.

Apple says it will also support COPAN’s expansion to a new, larger facility in Southern California that will be built out with advanced equipment that Apple is helping to design.

“We feel a deep sense of responsibility to do everything we can to help medical workers, patients, and communities support the global response to COVID-19,” said Jeff Williams, Apple’s chief operating officer. “COPAN is one of the world’s most innovative manufacturers of sample collection kits for COVID-19 testing, and we’re thrilled to partner with them so they can expand as we work to address this critical issue for our nation. I couldn’t be prouder of our teams for bringing all of their energy, passion, and innovative spirit to supporting the country’s COVID-19 response.”

“We’re excited to forge this new relationship with Apple, whose teams are already making a huge difference with our efforts to scale up the production of our sample collection and transport kits,” said Norman Sharples, CEO of COPAN Diagnostics. “Collection and transport kits are a critical component in the fight against COVID-19. At COPAN, we’re excited and grateful for this partnership with Apple as our strong beliefs of innovation, quality, and excellence in manufacturing and design are perfectly aligned. Apple’s operational expertise will help us increase delivery of important pre-analytical tools for medical professionals across the country at this critical time.”

Apple is sourcing equipment and materials for the project from companies across the U.S., including including equipment Apple is helping design from K2 Kinetics, based in York, Pennsylvania, and MWES in Waukesha, Wisconsin.

Apple has donated several million dollars toward the global COVID-19 response, including Global Citizen and America’s Food Fund. It has also designed and distributed almost 10 million face shields, sourced over 30 million face masks for healthcare professionals, and developed a COVID-19 exposure notification API for use by public health authorities around the world.

CEO Tim Cook announced Apple’s $1 billion Fund for Advanced Manufacturing Jobs in May 2017. The other major benefactor since then has been Corning, the makers of Gorilla Glass).

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Almost a million WordPress websites targeted in massive campaign – 10 minute mail

An unknown threat actor is exploiting vulnerabilities in plugins for which patches have been available for months, or even years

More than 900,000 WordPress websites have been targeted by an unidentified bad actor in a large-scale hacking campaign over the past week. Defiant, which makes Wordfence security plugins for the web publishing platform, said that it started noticing and tracking a spike in attacks targeting especially Cross-Site Scripting (XSS) vulnerabilities on April 28th. The large-scale campaign ultimately resulted in a 30-fold increase in attack traffic.

Based on the malicious payload, Defiant suspects that most of these attacks are being carried out by a single malicious actor. According to Wordfence QA engineer Ram Gall, the cybercriminal started off with a small volume of attacks and didn’t ramp up their efforts until last week, with the campaign peaking at 20 million attempted attacks against more than half a million websites on May 3rd.

“Over the course of the past month in total, we’ve detected over 24,000 distinct IP addresses sending requests matching these attacks to over 900,000 sites,” he added. The ne’er-do-well targets Cross-Site Scripting (XSS) as well as other vulnerabilities in an attempt to inject malicious code into the websites that then redirect visitors to malvertising sites.

It is worth noting that security updates are available for the flaws under exploitation, and that the patches were rolled out months and, in some cases, even years ago.

Three of the five targeted vulnerabilities are XSS related. One of them affects the Easy2Map plugin, which accounted for more than half of the attacks and is likely installed on less than 3,000 websites. The second security hole resides in Blog Designer and was patched last year; it has been targeted before and Defiant estimates that there are approximately 1,000 vulnerable installations. The third XSS vulnerability is found in the Newspaper theme, which has also been at the center of attacks in the past and has been patched since 2016

The last two are options updates vulnerabilities. One affects the WP GDPR Compliance plugin that has been patched since 2018 and we previously wrote about a campaign that attempted to seize control of websites using the plugin. The other affects the Total Donations plugin that was permanently pulled from the Envato Marketplace in 2019. Each of the vulnerabilities allow hackers to change the site’s home web address.

The researchers suspect that the attacker is skilled enough to target other vulnerabilities in the future. The best advice for WordPress site admins is as old as the hills: keep the core WordPress software and all plugins up-to-date. It’s also important to ditch any abandoned or no-longer-needed plugins, since they only increase the attack surface of a WordPress installation.



Amer Owaida


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Disney+ Streaming Service Now Has 54.5 Million Subscribers

Disney+ now has 54.5 million subscribers worldwide, a new total announced today during the company’s quarterly earnings call.


That means Disney has gained 4.5 million Disney+ subscribers since April 8, when it said that Disney+ had 50 million subscribers. Disney+ launched in November and has grown to almost $55 million subscribers over the course of the last six months.

Disney’s significant growth earlier this year came from launches of the service in the UK, Ireland, Germany, Italy, Spain, Austria, France, Switzerland, and India, but the service has also seen a boost with everyone sheltering in place and working from home.

54.4 million subscribers is well ahead of Disney’s projected figures for the growth of Disney+. When the service launched, Disney estimated that it would see 60 to 90 million subscribers worldwide by the end of 2024, but if the current growth rate keeps up, Disney will hit that goal this year.

Apple has not provided subscriber numbers for Apple TV+, so there’s no direct comparison to make to Disney+. Apple has been providing a free year of service to everyone who purchases a new Apple device, so it will take some time before Apple has large numbers of paying subscribers.

Disney+ has a major edge over ‌‌‌Apple TV‌‌‌+ because Disney has an established catalog of content along with many popular Star Wars and Marvel franchises to offer. “The Mandalorian,” the key show Disney+ premiered with, received more attention than any of ‌‌‌Apple TV‌‌‌+’s launch shows, including “The Morning Show,” “Dickinson,” “See,” and “For All Mankind.”

Though Disney+ growth is solid, Disney lost about $1 billion in operating income in the March quarter due to the shuttering of its theme parks worldwide, including Disneyland in Anaheim, California and the Walt Disney World Resort in Orlando, Florida.

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

In April, experts identified 18 million cyberattacks on Russian companies working remotely – Disposable mail news

According to Kaspersky Lab, in April, the number of attacks on the infrastructure of Russian organizations whose employees work remotely exceeded 18 million, which is five times more than in February.

Hackers select the username and password from an employee’s account to log into the corporate infrastructure, explains Kaspersky Lab’s antivirus expert Dmitry Galov.

According to him, such attacks are the simplest. Hackers use, for example, dictionaries of popular passwords or passwords from leaked databases.

Brute force passwords are used on average in 70% of attacks on remote desktops using the RDP protocol.

Positive Technologies found that up to 48% of the passwords of employees of organizations is made up of a combination of a word indicating the time of the year or month and four digits indicating the year.

“After gaining access, a hacker can, for example, launch an encryption virus into the corporate network to offer the management to buy the decryption code”, said Dmitry Galov.
Andrey Arsentiev, Head of Analytics and Special Projects at InfoWatch, agreed that less experienced hackers sell data for access to more advanced colleagues. He noted that in recent months, offers of access to corporate infrastructure has grown on the black market from the price of $5-10 to tens of thousands of dollars.

According to the results of the first quarter of 2020, the number of offers for selling access around the world is 69% higher than in the previous quarter. The growth of such attacks in Kaspersky Lab is associated with a hasty transition to remote work: IT-services of companies were more concerned with organizing a remote workstation than with its security.

To protect against attacks, Kaspersky Lab recommends that companies use a corporate VPN and two-factor authentication and that employees set complex passwords.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Apple Has Shipped 7.5 Million Face Shields to Healthcare Workers Worldwide

Apple in early April tapped its engineers and supplier companies to construct face shields for medical workers around the world, and Apple has now shipped a total of 7.5 million face shields.



Apple CEO Tim Cook announced the news during today’s earnings call covering the second fiscal quarter of 2020. Apple is continuing to construct and ship one million face shields each week.

Cook also said that Apple’s COVID-19 screening app has been downloaded more than two million times, and the web version of the site has been accessed by 3 million unique visitors. Apple’s U.S. COVID-19 app was developed in partnership with the CDC, FEMA, and the White House Coronavirus Task Force.

In addition to constructing and shipping face masks, Apple has sourced and donated more than 20 million N95 masks to healthcare workers around the world, which are critical for those who are exposed to COVID-19 on a daily basis.

Apple has also donated millions of dollars to various causes dedicated to cutting down on the spread of COVID-19, and has developed an exposure notification API that public health authorities will be able to adopt to create apps that will help track coronavirus exposure.
This article, “Apple Has Shipped 7.5 Million Face Shields to Healthcare Workers Worldwide” first appeared on MacRumors.com

Discuss this article in our forums


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.