Teen quiz app Wishbone hacked, users’ emails and phone numbers exposed

Check your kid’s phone for this app, ASAP: Wishbone. This popular quiz app for kids, tweens and teens has been hacked, according to a report from Motherboard out this morning. The hack involved 2.2 million email addresses, as well as 287,000 phone numbers, many of which are from kids under the age of 18.

The app is operated by the incubator Science, and is one of the more popular social networking applications in the U.S., currently ranking No. 14 in that category on iTunes.

Users have been alerted to the hack by way of an email from the company, which explains that it became aware of the breach on March 14, 2017.

Per the email, hackers appear to have accessed a private API to pull information on Wishbone users. This included usernames, personal names, emails and phone numbers. Some users also opted to provide their date of birth to Wishbone, and, if they did, this information was also included. Wishbone says no passwords or financial information was part of the breach, however.

Users were also alerted via an in-app notification.

The message says that Wishbone is initiating “precautionary measures” as a part of the breach. But Motherboard received confirmation that the vulnerability has now been fixed.

Unfortunately, the data is already out there in the wild, and consists mainly of kids’ personal information. The app’s core demographic is very young users — many who don’t even yet have iPhones, but play with the app on their iPod touch. Thankfully, this limited the amount of phone numbers included in the data breach.

The app, which was created by Science co-founder Michael Jones, previously CEO of MySpace, is a time-waster of sorts. It lets users vote on user-generated polls accompanied by pictures, like which celeb is cuter, or “would you rather…?”-style questions. It’s sort of a modern-day, digital version of teen magazines, as it presents an angle on pop culture and offers visibility into what trends are popular among fellow young users.

In its statement to Wishbone users, Science offered the following apology:

We value your privacy and deeply regret that this incident occurred. Maintaining the integrity of your personal information is extremely important to us. We sincerely apologize for any inconvenience this incident may have caused you. We are continuing to investigate this matter and have taken and will continue to take appropriate action to prevent future similar incidents. Please be assured that we will keep you informed of any developments in the investigation that may be of importance to you.