3.68 Million MobiFriends User Credentials Stolen and Shared on Hacking Forum
May 7, 2020 • RBS
The credentials of nearly 4 million MobiFriends users have recently been discovered by our Data Breach Research team on a prominent deep web hacking forum. The leaked data sets are currently available in a non-restricted manner despite being originally offered for sale.
Based out of Barcelona, MobiFriends is a popular dating application designed to let users meet new people online. According to LinkedIn, the marketplace app was founded in 2005 and has up to 50 employees.
The compromised data sets were originally posted for sale on a prominent deep web hacking forum on January 12th, 2020 by a threat actor named “DonJuji” and attributed to a January 2019 breach event. They were later shared in a non-restricted manner on April 12th, 2020 by a different threat actor on the same forum.
A Risk Based Security researcher confirmed the posting came from a reliable source. After initial testing, the data appears to be valid. The leaked data sets include dates of birth, genders, website activity, mobile numbers, usernames, email addresses and MD5 hashed passwords of 3,688,060 users.
The MD5 encryption algorithm is known to be less robust than other modern alternatives, potentially allowing the encrypted passwords to be decrypted into plaintext.
Moreover, the data leak contains professional email addresses related to well-known entities including:
- American International Group (AIG)
- Virgin Media
- And a number of other F1000 companies
This creates a notable risk of business email compromise as well as potential spear phishing campaigns.
At this time MobiFriends has not responded to our inquiries. We will update this post with new information if and when they do.
The 2020 Q1 Data Breach Landscape
Risk Based Security has found that the number of records exposed in data breaches disclosed in 2020 Q1 has skyrocketed to a record 8.4 billion – a 273% increase. Approximately 70% of 2020’s reported breaches were due to unauthorized access to systems or services and attackers are opting to steal access credentials in the form of passwords in combination with email addresses or usernames.
For a more in depth look into the data breach landscape, download our upcoming 2020 Q1 Data Breach QuickView Report, available on our website from Monday.