Private details of at least 1000 Australians have been exposed by hackers who have cracked the security of an app that is a favourite with teenage girls.

Hackers have stolen a Wishbone app database containing more than 2.2 million email addresses, mobile phone numbers, full names, gender and birth dates and have circulating them on the internet.

Australian security researcher Troy Hunt, who runs the well-known hacking warning site Have I Been Pwned, this week was alerted to the presence of the database being circulated.

Science Inc, the makers of the app, issued a statement to Motherboard that “the vulnerability has been rectified”, indicating that the security flaw that let the hackers in has been fixed although the information is now out there.

Mr Hunt told News Corp Australia that there was at least 995 records where either the number begins with +61 or the email ends with a com.au, indicating that they are Australians.

“Of course there’ll be a lot more Aussie data in there due to the fact that so many of us use Gmail, Outlook etc and have .com email addresses,” he said.

Teach kids about smart online use

“I urge every parent to check with their child to determine if they’ve used this app. Look through the settings of any other app they are using and see if any personal information is stored in them. If it is, try to remove the information, or remove the app all together,” said RJ Gazarek, product manager at password protection firm, Thycotic.

“While a breach like this reminds us of the dangers the internet can bring, it’s important for parents to teach their kids about safe internet habits on an ongoing basis.

“While the internet has brought us many great treasures, it’s availability on smartphones, tablets, laptops, and gaming devices makes the exposure and use of the internet nearly impossible to avoid.

“Whether a child uses an app on their smartphone, a computer at school, or borrows a friends phone to play around on, the dangers are there and it’s important to teach kids how vital it is never to put any personal information into these apps.”

How to avoid your details falling into the wrong hands

Nathan Wenzler, chief security strategist at AsTech security company, said identify theft was “incredibly problematic”, particularly for teenagers who had a “what’s the big deal?” approach to the problem.

“Parents must help their children understand why protecting their identity is important, especially before they’ve reached adulthood and will be opening back accounts, credit lines and applying for loans,” he said.

“Not sharing personal information when asked for it, using strong passwords and changing them on a regular basis, and learning to monitor for strange activity or new accounts being opened in their names are all important concepts that should be taught.”

Mr Wenzler urged parents to perform online searches periodically to see it their children’s information has been exposed online.

Share your comments below.

Stock photo

We may get commissions for purchases made using links in this post. Learn more.