Wishbone, an app popular among teenagers, has suffered a data breach, it has been revealed. The company informed its users of the intrusion in a notification recently, saying it became aware of the data swipe on March 14. The notification says that unknown individuals “may have had access” to the company’s API and used it to nab data on the service’s users. The info may contain more than 2 million email addresses, among other things.
According to the notification, the stolen data includes personal names, telephone numbers, usernames, and email addresses. Anyone who provided their birthday information for the account will also likely have had that data stolen, however the thieves did not acquire any account passwords or financial data.
Wishbone says that it has taken precautionary measures and has started an investigation into the matter. It doesn’t appear the company knows who is responsible for the data breach at this time. Though passwords weren’t taken, Wishbone is encouraging its users to change their passwords just to be safe. The company also suggests that security measures will be implemented to prevent such future events.
The notice goes on to state:
We value your privacy and deeply regret that this incident occurred. Maintaining the integrity of your personal information is extremely important to us. We sincerely apologize for any inconvenience this incident may have caused you.
According to Mortherboard, the data breach resulted in about 2.2 million email addresses and names being taken, as well as 287,000 phone numbers.