Following a data breach incident from January 2019, the personal information of more than 3.6 million MobiFriends users is now up for grabs on multiple online forums.
While the stolen data was initially posted for sale on a dark web forum by alleged bad actor ‘DonLuji’, the data dump has become fully accessible to anyone wishing to download its contents.
The leaked information from the Barcelona-based dating app contains personal identifiable information of 3,688,060 registered users, including MD5 hashed passwords, email addresses, mobile numbers, dates of birth, gender information, usernames, and app/website activity.
The researchers who discovered the compromised data sets also verified their validity, noting that, “the data leak contains professional email addresses related to well-known entities including American International Group (AIG), Experian, Walmart, Virgin Media, and a number of other F1000 companies.”
The consequences of the data leak are greatly amplified since seasoned hackers can easily crack the MD5 encryption algorithm used for encrypting the passwords. Apart from leaving customers exposed to account takeover, users are also vulnerable to spear-phishing and extortion attempts using the combination of professional email addresses and phone numbers.
Even if the data does not include private messages or images, the variety of leaked info is still enough for bad actors to deploy targeted phishing campaigns to gather additional information or financial details from victims.
The company failed to inform customers of the security incident, and no official statement has been released so far.
MobiFriends users should remain vigilant and pay attention to their Inboxes for unsolicited messages. As a precaution, it is advised to immediately change the passwords for any online account that shares the same login credentials as the MobiFriends, and enable two-factor authentication if possible.