An online dating application hacked, 3.6 million users affected

The relatively detailed personal information of 3,688,060 users of the popular online dating app MobiFriends has been publicly posted by the hacker and is now available for download. This was the result of a data attack targeting the platform more than a month ago, but the details of the case have so far been revealed.

The stolen data is currently shared widely on many online forums, even as a free download in some cases.

Although the leaked data does not contain any private messages, photos or content related to MobiFriends users, it includes many other sensitive personal information, such as email addresses, mobile phone number, date of birth, gender information, username and activity of the application / website. These are all types of information that can allow malicious agents to use as "materials" to deploy phishing attacks via email or SMS in order to steal login information and other types of personal data. valuable.

More seriously, among the leaked data there was a user account password. These passwords are secured by MD5, a fairly weak hashing function, which can be easily cracked by skilled hackers.

Risk Based Security (RBS), a US-based cybersecurity firm, was the first organization to discover this leaked data warehouse online last month. RBS then proceeded to verify the validity of the data for the official website of MobiFriends.

Currently, individuals with information leaked in this violation will face a high risk of being attacked by fraud or blackmail. Furthermore, the username, email and password obtained from this breach may also be used for brute-force attacks targeting accounts on other websites where MobiFriends users may have used Use the same login information.

It's still unclear how MobiFriends is hacked, as well as how hackers can steal application user data. This can be caused by a vulnerability in the server, API, or by MobiFriends to expose the online database without setting a password.

MobiFriends, a Barcelona-based online dating platform founded in 2005, has remained silent about the incident and has not responded to requests for comment from major technology newspapers.

If you are using MobiFriends, you should immediately change your password and account login information.