Threat Watch

MobiFriends Dating App Suffers Data Breach Affecting 3.6 Million Users

Recently, personal details for 3,688,060 users of the dating app MobiFriends have been posted online, with many sites offering it for free. While the breach data is from January 2019, the data contains Personally Identifiable Information (PII) such as hashed passwords, email addresses, mobile numbers, dates of birth, gender information, usernames, and app/website activity. Passwords were stored as an MD5 hash, which is a weak hash that can be cracked with relative ease. 

MobiFriends has remained completely silent on the issue and has not even warned its user base of the ongoing situation.

ANALYST NOTES

Because passwords were leaked as a crackable hash, Binary Defense recommends changing passwords on MobiFriends and any site that uses the same password. All the information contained in these dumps can be leveraged in spearphishing attacks by threat actors in the future. Binary Defense recommends keeping an eye out for any sexual-themed phishing messages using PII obtained in this breach.

https://www.zdnet.com/article/dating-app-mobifriends-silent-on-security-breach-impacting-3-6-million-users/