Dating app user logins found on hacking forum
A hacker has put up for sale the dates of birth, genders, website activity, mobile numbers, usernames, email addresses and MD5-hashed passwords for 3.68 million users of the Mobifriends dating app
The threat actor, “DonJuji”, posted the hacked logins twice on a popular dark web hackers forum: once for sale, and then for free.
Based in Barcelona, Mobifriends is an online service and Android app designed to help users worldwide meet new people online. As of Monday, Mobifriends hadn’t yet provided a comment on the stolen user data.
The trove of personal details was discovered by the Data Breach Research team at the vulnerability intelligence firm Risk Based Security (RBS). RBS said that as of Thursday, the records were still up for grabs, now offered at the Low! Low! price of $0:
The leaked data sets are currently available in a non-restricted manner despite being originally offered for sale.
RBS says that DonJuji originally posted the data for sale on a prominent deep web hacking forum on 12 January. DonJuji apparently wasn’t the one who stole them, however: the threat actor reportedly attributed the theft to a January 2019 breach. The data was later posted in the same forum for free by another threat actor on 12 April.
The posted data sets have a total of 3,688,060 records, though after removing duplicates, the researchers were left with 3,513,073 unique credentials. RBS says the records appear to be valid.