MobiFriends Data Breach Affects 3.68 Million Users

May 11, 2020

The personal details of 3,688,060 users registered on the MobiFriends dating app were posted online earlier this year and are now available for download on numerous online forums.

ZDNet reports the data was obtained in a security breach that took place in January 2019, according to a hacker who initially put the data up for sale on a hacking forum.

According to ZDNet, the data does not contain any private messages, images, or sexual-related content, but does include sensitive details, such as passwords, email addresses, mobile numbers, dates of birth, gender information, usernames, and app/website activity.

Risk Based Security (RBS), US cybersecurity company that first spotted the data online last month, told ZDNet that they verified the validity of the data against the official MobiFriends website. "Moreover, the data leak contains professional email addresses related to well-known entities including: American International Group (AIG), Experian, Walmart, Virgin Media, and a number of other F1000 companies," RBS said.

Fausto Oliveira, Principal Security Architect at Acceptto, says that in this day and age, passwords have become a thing of the past. "There isn't any technical obstacle that would prevent us from moving from a username/password combination to a more secure passwordless multi-factor authentication (MFA). Honestly, passwords should not be used anymore, period," Oliveira notes. "The fact that threat actors were able to access the data in the first place, and went undetected until the data appeared on the Internet, raises questions about how strong the security controls were that protected that data. Now that the data has gone to the public domain, those affected users have their information in the possession of multiple threat actors that presumably are going to use that data to perform password spraying attacks.”

Isabelle Dumont, Vice President of Market Engagement at Cowbell Cyber, adds that until they have experienced a breach, "businesses underestimate recovery expenses, starting with the mandatory notification of the millions of users impacted. This is why cyber insurance, as a financial loss and expenses mitigation solution is a must-have next to cybersecurity tools.”

Terence Jackson, Chief Information Security Officer at Thycotic, notes that the MobiFriends data breach just reinforces that consumers need to utilize a password managers to generate unique passwords for each site or service they access online. :Hackers thrive on leaked or stolen credentials and password reuse the gain access to more personal data. The incident can also be used to reinforce security awareness training for employees and acceptable use of the corporate email addresses.”

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Many of the security screening standards in use today were put in place decades ago. They addressed the threats at the time and employed the security screening equipment that was available.

Poll

Recruiting Diverse Candidates

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

MobiFriends Data Breach Affects 3.68 Million Users

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

MobiFriends Data Breach Affects 3.68 Million Users

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.