MobiFriends Data Breach Affects 3.68 Million Users

May 11, 2020

The personal details of 3,688,060 users registered on the MobiFriends dating app were posted online earlier this year and are now available for download on numerous online forums.

ZDNet reports the data was obtained in a security breach that took place in January 2019, according to a hacker who initially put the data up for sale on a hacking forum.

According to ZDNet, the data does not contain any private messages, images, or sexual-related content, but does include sensitive details, such as passwords, email addresses, mobile numbers, dates of birth, gender information, usernames, and app/website activity.

Risk Based Security (RBS), US cybersecurity company that first spotted the data online last month, told ZDNet that they verified the validity of the data against the official MobiFriends website. "Moreover, the data leak contains professional email addresses related to well-known entities including: American International Group (AIG), Experian, Walmart, Virgin Media, and a number of other F1000 companies," RBS said.

Fausto Oliveira, Principal Security Architect at Acceptto, says that in this day and age, passwords have become a thing of the past. "There isn't any technical obstacle that would prevent us from moving from a username/password combination to a more secure passwordless multi-factor authentication (MFA). Honestly, passwords should not be used anymore, period," Oliveira notes. "The fact that threat actors were able to access the data in the first place, and went undetected until the data appeared on the Internet, raises questions about how strong the security controls were that protected that data. Now that the data has gone to the public domain, those affected users have their information in the possession of multiple threat actors that presumably are going to use that data to perform password spraying attacks.”

Isabelle Dumont, Vice President of Market Engagement at Cowbell Cyber, adds that until they have experienced a breach, "businesses underestimate recovery expenses, starting with the mandatory notification of the millions of users impacted. This is why cyber insurance, as a financial loss and expenses mitigation solution is a must-have next to cybersecurity tools.”

Terence Jackson, Chief Information Security Officer at Thycotic, notes that the MobiFriends data breach just reinforces that consumers need to utilize a password managers to generate unique passwords for each site or service they access online. :Hackers thrive on leaked or stolen credentials and password reuse the gain access to more personal data. The incident can also be used to reinforce security awareness training for employees and acceptable use of the corporate email addresses.”

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

MobiFriends Data Breach Affects 3.68 Million Users

The latest news and information

Content written for business-minded executives who manage enterprise risk and security

MobiFriends Data Breach Affects 3.68 Million Users

Related Articles

The latest news and information

Content written for business-minded executives who manage enterprise risk and security