MobiFriends’ user details were posted online and are currently available for download on multiple destinations. The security breach which caused the compromise of users’ personal details occurred in January 2019.
What type of personal information of MobiFriends users has been exposed?
Fortunately, no sensitive details, such as private messages and images, have been compromised. However, personally identifiable information was exposed, including email addresses, passwords, mobile phone numbers, dates of birth and gender, usernames, and app and website activity.
The hacker who first put the data online for sale says that it was obtained from a data breach that happened in January 2019. At the moment, the same data is shared on various online locations, and in some cases, it is available as a free download.
The passwords exposed in the data leak have been secured with MD5. MD5 is a widely used hash function producing a 128-bit hash value. Even though MD5 was intended to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities and is very weak.
MD5 can be hacked very easily to obtain the password’s initial cleartext version.
Risk Based Security researchers who first noticed the data breach in April 2020, have verified the validity of the data. Furthermore, the data leak contains professional email addresses of well-known entities such as AIG, Experian, Walmart, Virgin Media, and other F1000 companies.
MobiFriends is a popular dating app, based in Barcelona. The app is designed to let users meet new people online.
This is not the first case of a dating app being compromised in a data breach. A year ago, in May 2019, a single database exposed the records of tens of millions of users of dating apps. The database which was discovered by security researcher Jeremiah Fowler was not password-protected. Most of the affected users were Americans, as revealed by the IP addresses and geolocation details.
A total of approximately 42.5 million records were exposed. Dating logs made up 38.3 million records, while 3.87 million contained “geonames”.