It’s bad enough when a really popular app is hacked, but when more than 70% of your users are under 18 and their personal information can now be accessed by some nefarious entities, then that may potentially be a huge problem (well, it actually already is). Social networking quiz app Wishbone, has apparently lost around 2.2 million email addresses and more than 300k cellphone numbers. This unprotected database is apparently circulating the “internet undergrounds” according to breach notification website “Have I Been Pwned?”

If you’re not a teenager and have no idea what Wishbone is, it’s an app that lets you create and vote on two-choice things like “who is better Beyonce or Adele?” or “do you like staying in or going out?”. It has found its niche in bored teenagers, specifically teenage girls. Science Inc, the tech incubator who owns the app, confirmed the breach, saying hackers “may have had access to an API without authorization”. They sent a notification to users and said that the problem has been rectified but they are still investigating how it could have happened.

While you can sign up for the app without providing information, some of the leaked information does contain personal details like birthday, full name, gender, email addresses and cellphone numbers. 70% of the users in a sample of 200 leaked accounts are actually underage girls and boys, so this is actually a serious data breach that will not only leave them vulnerable to theft or spam, but even put them in actual physical danger.

While the owners have said that they have fixed the problem, there should also be an advisory to their young users on how they will be able to protect themselves from possible repercussions now that some of their data is floating out there. Change passwords, don’t respond to unknown messages and emails, etc are just some of the things they can do.

VIA: Motherboard