MobiFriends Suffers Data Breach: 4 Million Accounts Compromised

Mobile dating service, MobiFriends, is the latest to suffer from a data breach. In all, roughly 4 million accounts have been compromised.

Finding that one true love can be difficult these days. Between barely making ends meet thanks to working two low paying jobs and having a mountain of student loans dragging you down financially which netted you a higher education degree/diploma that turned out to be worthless in the world of employment, dating can be next to impossible. That is generally a big reason why many turn to online dating. Some services are paywalled while others are free.

Most of the time, online dating tends to lead to depressing results. There are the countless hours spent sifting through profiles and sending well thought out messages. Then, there are the countless bots that try to hit you up with money. Even when you are lucky enough to find someone to meet with, their online description tends to not match their real life appearance or they end up being someone you wouldn’t want to date again. For most people, it’s a very depressing endeavour that typically ends with you feeling more alone than ever before and who knows how many hundreds of dollars lighter.

While some people end up feeling like they’ll be alone forever and leaving the online dating scene with nothing but debt and regret, imagine the insult added to injury when their dating service of choice wound up being the subject of a data breach on top of it all. That is exactly what is happening with users of MobiFriends. Security vendor, Risk Based Security, found the database floating around in the hacking community. From Info-Security Magazine:

The security vendor said it found the data on a prominent hacking forum — now free for anyone to access, although it had been previously up for sale.

It’s associated with nearly 3.7 million users of MobiFriends, a Barcelona-based dating app. The information was originally posted to the forum in January of this year by a threat actor named “DonJuji,” but is attributed to a breach in January 2019.

The data includes dates of birth, gender, website activity, mobile numbers, usernames, email addresses and MD5 hashed passwords.

“The MD5 encryption algorithm is known to be less robust than other modern alternatives, potentially allowing the encrypted passwords to be decrypted into plaintext,” warned Risk Based Security.

“Moreover, the data leak contains professional email addresses related to well-known entities including: American International Group (AIG), Experian, Walmart, Virgin Media and a number of other F1000 companies. This creates a notable risk of business email compromise as well as potential spear-phishing campaigns.”

MobiFriends has yet to respond to the researchers who found the data.

May is proving to be extremely eventful on the security front. In fact, we basically had to tear ourselves away from the chaos on the security front to cover other things every so often. This month started off with Webkinz suffering from a data breach. That saw 23 million accounts compromised. This was followed up by the GoDaddy data breach. Shortly after, we saw the Tokopedia data breach. In that one, 91 million accounts were compromised. That breach also sparked a lawsuit as well.

After that, we saw the Unacademy data breach. That saw 22 million accounts compromised. The very next day, we reported on the Cam4 data leak. That saw 10 billion records exposed (no, that is not a typo: billion with a “b”). This was followed up by the most ironic data breach all month: the WeLeakData data breach. That saw hacker information compromised and sold on the dark web. It’s ironic because that is a site that specializes in the buying and selling of stolen data.

With this latest data breach, all we can say for the month is: “one more to add to the pile over there.” This month just seems like one endless supply of security stories – and it just keeps going.

Drew Wilson on Twitter: @icecube85 and Facebook.



1 Trackback or Pingback

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: