Moonly app data breach exposes employee credentials and user GPS locations

The Moonly app, a mobile application developed by Cosmic Vibrations Inc. to provide users with lunar tracking, astrological insights, and related spiritual content, has suffered a significant data breach, leaking sensitive employee credentials and the GPS locations of millions of users. The breach has also cast doubt on the company’s purported US headquarters, suggesting it may be primarily operated from Russia.

On June 18th, researchers at Cybernews discovered an unsecured Google Cloud Storage bucket belonging to Cosmic Vibrations. The bucket contained a database backup from April 19th, 2024, which exposed admin credentials and private data of six million Moonly users. This data included exact GPS coordinates, potentially revealing users’ home addresses.

The leaked information encompassed user metadata, email addresses of 90,000 customers, AI-generated content, astrological data, and employee credentials. Though the passwords were hashed using a secure algorithm, they could still be vulnerable to cracking, potentially leading to further unauthorized access.

Further investigation by Cybernews revealed that the company’s employees accessed Moonly’s systems from Russia, Belarus, and Indonesia, with no connections from US IP addresses. The bucket’s naming conventions and the presence of Russian surnames among the “Admin” users suggested a strong Russian link. Despite officially listing its headquarters in San Francisco, Cosmic Vibrations has not been transparent about its operations in Russia.