The Unfortunate Story of Wishbone and What It Tells You about Security

While the world scrambles to control the coronavirus pandemic, cybercriminals have been pouncing on businesses, both big and small. According to a CNBC report, large-scale data breaches grew by a frightening 273% within the first three months compared to 2019. Apps are no exception. Take, for example, Wishbone.

The Mega Wishbone Breach

Wishbone is a popular mobile app that allows its users to compare anything, as its slogan suggests. They can match celebrities, fashion, food, movies, TV shows – whatever their hearts desire.

Usually, users get to vote every morning. However, since this is supposed to be a community, everyone gets to do more than choose their preferences. For example, the app can feature them.

Users can also connect with friends, meet new people, and see how they voted. They can also create their own polls or surveys, among others.

For all these reasons, Wishbone appeals to a younger demographic. That’s one of the reasons the recent data breach on the app is dangerous.

In May 2020, news came out that a group of hackers stole a whopping 40 million records from the site. The data included personal information, such as names, ages, birthdays, usernames, passwords, and mobile phone numbers.

The team eventually sold it on the dark web for a measly 0.85 bitcoin or around $8,000, although they released the full list in a forum.

Besides the fact that the potential victims are young, now more hackers could have access to the same data. Worse, it seems Wishbone hadn’t fully secured its system, since it had already experienced a breach in 2016.

How Can You Avoid the Same Fate?

You need not build an app or platform as big as Wishbone before you strengthen security. The question is, what can you do?

1. Choose the Right Security System

Usually, with app or site security systems, it’s RASP vs WAF. WAF stands for web application firewall, and it’s the older option between the two. RASP, meanwhile, is run-time application self-protection.

Although WAF is easier to understand, it could generate false positives. That is, it could flag a piece of code or an answer to a query as a potential attack when it’s not. It could “kick out” a user, and you could probably lose them forever.

RASP is more comprehensive since it could determine whether the attack is likely to be executed by tracing the input to its sink. Hence, it lowers the odds of false positives. On the downside, it can be more complicated to use and even intrusive.
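The difference can be shown with a simplified sketch, added here as an illustration and not taken from the article or from any WAF or RASP product. The signatures, the query template, and the sample inputs are all constructed; the sketch assumes a poll-title search that builds its SQL by string concatenation.

```python
import re

# Constructed WAF-style signatures, matched against the raw request value.
WAF_SIGNATURES = [re.compile(p, re.I) for p in (
    r"\b(select|union|drop)\b",   # SQL keywords anywhere in the input
    r"'\s*(or|and)\b",            # quote followed by a boolean operator
)]

# Hypothetical sink: the query the app is about to run (naive concatenation,
# so the sink-side check has something to catch).
QUERY_TEMPLATE = "SELECT id FROM polls WHERE title = '{}'"

# Tokens: a quoted string literal, a word, or a single punctuation character.
SQL_TOKEN = re.compile(r"'(?:[^']|'')*'|\w+|[^\s\w]")


def waf_flags(value: str) -> bool:
    """Perimeter view: judge the input on its own, without knowing its use."""
    return any(sig.search(value) for sig in WAF_SIGNATURES)


def query_shape(sql: str) -> list[str]:
    """Reduce a query to its structure: every string literal becomes 'STR'."""
    return ["STR" if tok.startswith("'") else tok.upper()
            for tok in SQL_TOKEN.findall(sql)]


def rasp_flags(value: str) -> bool:
    """Sink view: flag only if the input changes the query's structure."""
    expected = query_shape(QUERY_TEMPLATE.format("x"))
    actual = query_shape(QUERY_TEMPLATE.format(value))
    return actual != expected


def compare(samples: list[str]) -> list[tuple[str, bool, bool]]:
    """Return (input, WAF verdict, sink verdict) for each sample."""
    return [(s, waf_flags(s), rasp_flags(s)) for s in samples]


# Constructed sample inputs for the poll-title search.
SAMPLES = [
    "Select one: union suit or drop earrings?",  # benign poll title
    "x' OR '1'='1",                              # textbook injection string
]

if __name__ == "__main__":
    for text, waf, rasp in compare(SAMPLES):
        print(f"waf={waf!s:5} rasp={rasp!s:5} {text}")
```

The benign poll title trips the keyword signature but stays a single string literal at the sink, so only the perimeter check raises a false positive; the injection string is flagged by both.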

The best option is to combine the advantages of both in one security system, such as Virosec. This strategy streamlines the monitoring process of possible data breaches, saving you more time and financial resources.

2. Always Update Your Security System

Hackers are getting better these days, and they are also aggressive. They will always try to find loopholes in an app or site, whether for financial gain or for their own amusement.

Thus, you need to update your system as often as you can. The right security solution can help you spot attacks and hacking trends. Based on these – and with the help of testing – you can identify vulnerabilities these cybercriminals can exploit and create and deliver the right patches.

There’s money in apps. But the story of Wishbone also shows that with this privilege comes the responsibility to do your best to secure user information.