Wishbone
  • Total Records40,281,006
  • Unique Emails9,709,819
  • Unique Email Providers193,523
  • Unique IP Addresses7,140,903
  • Unique Usernames30,878,398
  • Unique First Names3,971,150

Wishbone Data Breach: What Happened in the 2020 Exposure?

Early in January 2020, the Wishbone mobile app—popular for its social polling and comparison features—suffered a major data breach that put the personal details of over 40 million users at risk. Wishbone users, often teens and young adults, trusted the app to connect and share opinions, but behind the scenes attackers gained unauthorized access to a broad range of sensitive account information. The breach resulted in usernames, email addresses, full names, phone numbers, countries, social media profile links, IP addresses, full birthdates, and even hashed passwords being leaked online. The incident drew attention not just for its scale, but for the nature of the data exposed across more than 40 million unique records, quickly circulating among cybercriminal groups.

When Did the Wishbone Breach Occur?

The breach took place in January 2020, with compromised data making its way through various forums and underground channels soon after. While exact discovery and notification timelines weren't widely disclosed, the incident is widely documented as occurring at the start of 2020, setting off privacy concerns for millions of affected users.

How Many Users Were Impacted?

Over 40 million Wishbone user records were compromised in this breach. This high number highlights the app's broad user base and the large-scale exposure of personal and potentially identifying information tied to each account.

What Data Was Exposed in the Wishbone Breach?

The breach exposed a substantial list of user details, including:

  • Usernames
  • Email addresses
  • Full names
  • Phone numbers
  • Country addresses
  • Social media profiles
  • IP addresses
  • Full birthdates
  • Hashed passwords (using unsalted MD5)

This wide range of information raised the stakes for affected users, as it wasn’t just email and password pairs—full identities and social details were also visible.

Timeline and Aftermath

Timeline specifics emerged quickly after the breach, as the dataset began circulating online by early 2020. The use of unsalted MD5 hashes for password storage was especially notable, as it rendered password protections less effective than more modern methods. The breach's fallout included widespread redistribution of the data and ongoing privacy risks for former and current Wishbone users.

Frequently Asked Questions

What happened in the Wishbone app breach of 2020?

The Wishbone app was breached in January 2020, exposing over 40 million user records containing usernames, emails, names, phone numbers, social profiles, IP addresses, full birthdates, country information, and hashed passwords.

How many people were affected by the Wishbone data breach?

The breach affected 40,281,007 user records, making it one of the more significant app data exposures of the year.

What types of data were leaked in the Wishbone breach?

Leaked data included usernames, emails, full names, phone numbers, countries, social media links, IP addresses, full birthdates, and hashed passwords from the Wishbone user database.

How can I check if I'm in the Wishbone breach?

You can check if your information was part of the Wishbone breach by utilizing the DeHashed search engine.