Parent warning: Social media hack reveals personal details of Aussie teens.

Video by Science Inc.

Popular social media app loved by teenage girls, Wishbone, has been hacked according to internet security website Motherboard

At least 1000 Australian teen girls have had their private details stolen and released online.

Parents are being urged to check if their daughters use the app and if so, to remove any personal information stored on it. We’re also being asked to remind children not to share personal information online via apps and websites.

Wishbone is one of the most popular apps among teenagers, regularly ranking in the Top Ten in the U.S. It launched in 2015 and rose up the ranks, allowing users to ask their social network for their opinion on anything from outfit choices to fads and trends.

Users post two options for their social media followers to vote on. Image: Wishbone, Baum Mobile

Hackers reportedly stole the Wishbone app database with over 2.2 million email addresses, phone numbers, names, genders and dates of birth.

Australian security researcher Troy Hunt, who runs the site Have I Been Pwned? discovered the database from the Wishbone was being circulated. At this stage the identity of the hackers is unknown.

Science Inc., the tech incubator that owns the app confirmed the breach on Wednesday in a statement emailed to Motherboard, saying hackers "may have had access to an API without authorization."

"The vulnerability has been rectified," Science Inc's co-founder and general counsel Greg Gilman wrote in the email. Makers of the app, Science Inc, notified users that their details may have been compromised.

This is the image parents have been asked to check for on their teens devices. Image: Social media app, Wishbone

The notification was shared on the website Pastebin. It read:

We are writing to inform you of a recent incident concerning your Wishbone account information.

On March 14, 2017 Wishbone became aware that unknown individuals may have had access to an API without authorization and were able to obtain account information of its users.

The information involved in the incident included Wishbone users’ user names, any personal names provided by users during account registration, email addresses, and telephone numbers. If you elected to provide date of birth information, such information was also included in the incident. However, no passwords, user communications or financial account information were compromised in the incident.

Upon learning of the incident, Wishbone immediately acted to investigate and initiate precautionary measures.  Although no passwords were compromised in the incident, you may wish to consider changing your password as a preventative measure.

We value your privacy and deeply regret that this incident occurred.  Maintaining the integrity of your personal information is extremely important to us. We sincerely apologize for any inconvenience this incident may have caused you.  We are continuing to investigate this matter and have taken and will continue to take appropriate action to prevent future similar incidents.  Please be assured that we will keep you informed of any developments in the investigation that may be of importance to you.

If you have any questions, please do not hesitate to reply to this e-mail. If you are receiving this via in-app communication, please reply to us at [email protected]


The Wishbone Team

Parents share their favourite apps. Article continues...

Tech expert Trevor Long says unfortunately we are living in an ever increasing digital world and it's becoming more and more difficult to start using apps and services without handing over some of your personal information.

He says this leaves everyone vulnerable if the service is then hacked.

"The best advice I have is to create an alternate online profile for yourself," he told Mamamia. Do this early and it will become second nature.  An email account that you only use for app sign ups, that you don't use for personal communication or any banking or important information.  A date of birth you can remember (it may be a siblings) but that is not your own, and even consider an alternative surname or christian name.

"This alternate profile can mean that while you and your friends know who you are, if the information is exposed, they have no access to identity theft via your name and birthdate."

Otherwise, importantly, keep different passwords for as many apps and services as you can, only fill out the absolutely necessary information, and try to limit where you link services to your Facebook profile."

Parents and users wanting to find out if their details are among those that have been stolen can do so by using the website Have I Been Pwned?

Have you ever had your personal details compromised? Share your story in the Comments below.


More articles