Updated Notice of Data Security Incident Date: August 14, 2020 Sincerely,
Notice of Data Breach Date: May 23, 2020 Sincerely,
Dear Wishbone users,
This post is to provide updated information regarding the data security incident experienced by Mammoth Media, Inc. that involved the information of Wishbone registered users. Although the incident did not involve your Social Security number, government identification number, or financial account information, we are providing you with information regarding this incident and steps you can take to protect your personal data.
What happened?
On May 20, 2020, Mammoth Media became aware of a data security incident involving the unauthorized access to certain databases for the Wishbone app. Upon learning about the incident, we immediately launched an investigation and engaged an independent digital forensics firm to assist in determining what happened and whether any personal information of Wishbone registered users was accessed or acquired by the unauthorized individual(s) during the incident. Through the course of the investigation, Mammoth Media identified indicators that that a criminal group gained access to Wishbone users’ information on January 27, 2020. We were also able to confirm the categories of information involved in the incident.
What information was involved?
If you registered for Wishbone prior to January 27, 2020, the following information may have been involved in this incident: your name, email address, hashed password, detected time zone/region, gender, bio, and profile picture. If you provided us with your phone number, date of birth, and social media usernames, that information may have been involved as well.
What are we doing?
Mammoth Media took immediate actions to ensure that the unauthorized activity was not on-going and launched an investigation to determine the timeline, source, and scope of the incident.
On May 23, 2020, although the investigation was in its infancy, out of an abundance of caution and in the interest of transparency, we provided email notification to all Wishbone registered users informing them of the incident and the categories of information believed to have been involved in the incident. In addition to the email notification, we published a notice about the incident here.
Mammoth Media also implemented additional measures to enhance the security of our digital environment. Furthermore, we are providing you with information about steps that you can take to help protect your personal information.
What can you do?
It is good practice to regularly change your passwords, including your password for Wishbone. It is also good practice to use complex passwords and not reuse the same password across multiple platforms, apps, or websites.
If you have any questions or concerns about this incident, please email us at ( safety@wishbo.ne ). We are dedicated to protecting the privacy of our users’ personal information and take this incident very seriously. We continue to implement additional security protocols across our business. We value our users’ privacy and deeply regret that this has happened.
Sincerely,
The Wishbone Team
The Wishbone Team
------------------------------------------------------------
We’re writing to let you know about a recent incident concerning your personal information on the Wishbone app.
What happened?
On May 20, 2020, our team became aware of a security issue where we believe an unauthorized individual may have had access to Wishbone’s database through stolen credentials.
What information was involved?
After learning of the incident, we immediately began an investigation and found that some of the compromised data included usernames, emails, phone numbers, timezone/region, full name, bio, gender, hashed passwords and profile pictures. No financial or other sensitive information was involved in the incident.
What we’re doing:
We value your privacy and deeply regret that this has happened. We immediately invalidated any current access methods to user information and updated keys accordingly. We also ensured that all employees or services which require access use cybersecurity approved multi-factor authentication or similar methods. Across the board, we are implementing stronger security and encryption of personal information to ensure the safety of all of our users’ data. We anticipate providing notification to the relevant regulatory authorities shortly.
What you can do:
While we will continue to do our best to secure your account, we encourage you to reset your Wishbone password and to monitor your account for any suspicious activity. If you use the same or similar password for other services, we would recommend you change those passwords as well.
Other important information:
Maintaining the integrity of confidential information is extremely important to us. We are continuing to investigate this matter and will take all the necessary steps to prevent this from happening again.
For more information:
If you have any questions at all, please do not hesitate to email us at ( safety@wishbo.ne )
The Wishbone Team