Hackers selling PII of 3.6m MobiFriends users on dark web forums

Personal information of over 3.6 million users of Android dating app MobiFriends has been put up for sale on Dark Web forums by a hacker. The data was reportedly stolen from MobiFriends' server in January 2019.

Researchers at the Risk Based Security (RBS) revealed that the compromised data was originally posted for sale on a dark web hacking forum on 12th January by a hacker named “DonJuji” and attributed to a January 2019 breach event. The stolen data from MobiFriends was later posted on the same hacker forum in a non-restricted manner by another hacker.

After initial testing, the researchers confirmed that the compromised data included dates of birth, gender, phone numbers, email addresses, usernames, website activity and MD5 hashed passwords of 3,688,060 users of MobiFriends. MobiFriends is based out of Barcelona and has been a popular dating app for years.

“The MD5 encryption algorithm is known to be less robust than other modern alternatives, potentially allowing the encrypted passwords to be decrypted into plaintext,” said researchers at RBS who also found that the stolen data included professional email addresses related to well-known companies like Experian, American International Group (AIG), Virgin Media, Walmart and a number of other F1000 companies.

Companies must implement advanced cloud security measures to protect customer data

Commenting on hackers selling personal information of over 3.6 million users of MobiFriends, Chris DeRamus, VP of Technology, Cloud Security Practice at Rapid7 told TEISS that “to keep customer data and credentials protected from malicious actors, organizations must implement advanced cloud security measures.

“Companies such as MobiFriends should follow the principle of least-privileged access when provisioning identity and access management (IAM) permissions by providing checks to restrict identities from being able to access more than they are granted. This can be accomplished by employing automated security tools that continuously protect systems and servers from IAM vulnerabilities, as well as misconfigurations, policy violations, and other threats to ensure holistic security and compliance.

“Additionally, organizations should implement multi-factor authentication (MFA) for all users, securely manage service accounts and their corresponding keys, and enforce best practices for the use of audit logs and cloud logging roles,” he added.

Tokenisation should be made a part of corporate data-centric strategies

Trevor Morgan, Product Manager at comforte AG, said that considering email addresses, usernames and hashed passwords are examples of valuable information, therefore it is no surprise that hackers are targeting data apps like MobiFriends, which has around four million users because they hold so much critical information.

“There is no guaranteed way to prevent hackers from accessing this data, but there are solutions that protect the valuable information itself. Although the MobiFriends passwords were hashed, companies should look to deploy data security tactics such as tokenization where sensitive information is rendered completely unusable for unauthorized access rather than merely a challenge to decipher.

“Implementing a solution such as tokenization is part of a larger data-centric strategy to be very proactive with sensitive data, to protect it immediately upon collection and then only de-protecting it when absolutely necessary within a controlled internal environment. The tools and processes of data-centric security go hand-in-hand,” he added.

ALSO READ: Hackers selling 267m Facebook user records on the Dark Web for £500

Image Source: MobiFriends

MORE ABOUT: