Posted on May 9, 2020 at 11:15 AM
A popular dating app was compromised yesterday, as millions of user details were stolen and offered for sale on an underground forum. A report revealed that about 3.5 million MobiFriends dating app credentials were leaked.
According to the report, the credentials include usernames, passwords, and emails of users of the dating app and they have been offered for sale on the darknet.
MobiFriends is an Android app that offers social connection services, helping people connect and meet new friends worldwide. The app developers, MobiFriends Solutions, are based in Barcelona.
Despite multiple attempts to contact MobiFriends Solutions, the firm has not responded or given any official statement about the breach.
Leaked details also included MD5 hashed passwords
Researchers revealed that the compromised data also include MD5 hashed passwords, email addresses, usernames, mobile numbers, website activity, genders, and dates of birth of the users.
According to Roy Bass, a security analyst at Risk Based Security (RBS), the compromised data was verified against the official MobiFriends Solutions website. The researcher also presented redacted screenshots of the shared details.
RBS stated that the hacker, who goes by the name “DonJuji”, had initially posted details of the hack on a darknet forum on January 12. The hacker said the compromised data were from a hacking incident that occurred in January. However, on the 12th of last month, a different hacker shared the credentials on the same darknet forum. Bass pointed out that no one is sure how the data was obtained this time.
Leaked data includes details of popular institutions
The RBS researchers have revealed that the leaked data also contained email addresses linked to popular entities, including Virgin Media, Walmart, Experian, American International Group (AIG), and a host of other Fortune 500 companies.
The leaked data also contained MD5 hashed passwords of the users. MD5 is a hashing algorithm rather than encryption, and it is regarded as weaker than other ways of protecting stored passwords. It potentially allows the hashed passwords to be recovered as plaintext.
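Why MD5 digests are a weak way to store passwords, and one way an operator can harden a table that already holds them, shown as an added example that is not from the article, RBS, or MobiFriends. It assumes plain unsalted MD5 (the article does not say whether salts were used); the function names, the sample password, and the PBKDF2 work factor are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_md5(password: str) -> str:
    """Unsalted MD5 hex digest (the assumed legacy storage format)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def wrap_legacy_hash(md5_hex: str) -> dict:
    """Harden a stored MD5 digest without knowing the plaintext.

    The old digest is fed through salted PBKDF2, so the table no longer
    holds a value that a fast, precomputed MD5 lookup can match.
    """
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac(
        "sha256", md5_hex.encode("ascii"), salt, PBKDF2_ITERATIONS
    )
    return {"scheme": "pbkdf2-sha256(md5)", "salt": salt, "hash": derived}


def verify(password: str, record: dict) -> bool:
    """Check a login attempt against a wrapped record in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", legacy_md5(password).encode("ascii"),
        record["salt"], PBKDF2_ITERATIONS,
    )
    return hmac.compare_digest(candidate, record["hash"])


def demo() -> dict:
    # Constructed sample data: two users who picked the same password.
    alice_md5 = legacy_md5("sunshine2020")
    bob_md5 = legacy_md5("sunshine2020")
    alice, bob = wrap_legacy_hash(alice_md5), wrap_legacy_hash(bob_md5)
    return {
        "md5_identical": alice_md5 == bob_md5,  # same password, same digest
        "wrapped_identical": alice["hash"] == bob["hash"],
        "good_login": verify("sunshine2020", alice),
        "bad_login": verify("sunshine2021", alice),
    }


if __name__ == "__main__":
    print(demo())
```

Wrapping is a stopgap: on each user's next successful login the record can be replaced with a salted hash of the password itself, dropping the MD5 step.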
On the whole, the researchers said the hackers stole 3,513,073 credentials out of a total of 3,688,060 after removing duplicates.
Attack exposes users to potential attacks in the future
Apart from the infiltrated accounts, Bass pointed out that the attack exposed the victims to spear-phishing campaigns and business email compromise (BEC) attacks.
“It leaves certain users open to spear-phishing or targeted extortion, as we saw a number of professional email addresses in the data,” he said.
Bass further reiterated that, since the user credentials have been compromised, others can use the brute-force technique to check the users against other websites. An attack of this nature can lead to further attacks, as threat actors take advantage of the stolen credentials to launch subsequent attacks. Another danger is the possibility of an attack on a reused credential.
If the user has used the compromised details to access another website, the threat actors can steal vital information from such a website and gain access to more valuable information from social media accounts or banking accounts.
Threat actors can utilize the leaked data in other ways
Bass also opined that since the compromised data included other sensitive information, such as phone numbers or dates of birth, threat actors could assemble a wide range of data on a user by combining it with data from other breaches. If the threat actors compile enough information and data about the affected user, they could sell it or use it for extortion, identity theft, or other related criminal activities.
Companies have had to endure torrid times because of compromised data. As more employees are now working from home due to the COVID-19 pandemic, the vulnerability and risk of data exposure are even greater.
Cybercriminals are taking advantage of every opportunity to steal credentials of users from different platforms to sell on dark forums or use for other attacks. As a result, security researchers have continually warned users to be more careful about their interactions online. Business organizations have been advised to utilize two-factor authentication on their portals to keep their network more secure.