MobiFriends Data Breach: Expert Commentary

Date: 2020-05-11

MobiFriends, a popular dating app, announced today that it suffered a data breach impacting more than 3.6 million users. The data obtained from this breach includes email addresses, passwords, gender information and phone numbers. Additionally, the stolen passwords were hashed with MD5, a weak hashing function.

Anurag Kahol, CTO, Bitglass
May 12, 2020
To prevent similar incidents and safeguard customer data, organisations must leverage multi-faceted solutions that enforce real-time access control.
Dating apps and sites store massive troves of personally identifiable information (PII) on users, including email addresses, birth dates, genders, and more. Any security complication could result in a devastating breach or leak that would leave victims vulnerable to highly tailored phishing attacks and identity theft for years to come. In this MobiFriends incident, users’ passwords were also exp ....
Vinay Sridhara, CTO, Balbix
May 12, 2020
Even worse, it appears that at least some MobiFriends employees used their work email addresses as well.
Poor credential protection is a widespread issue, and time and time again, we see breaches reoccur that expose millions of users’ account information due to the lack of simple security measures. Online applications such as MobiFriends that require users to create accounts and that collect personal customer data must at the very least implement basic cyber hygiene. Despite being a consumer applic ....
Trevor Morgan, Product Manager, comforte AG
May 12, 2020
The tools and processes of data-centric security go hand-in-hand.
Email addresses, usernames and hashed passwords are examples of valuable information. Therefore, it is no surprise that hackers are targeting data apps like MobiFriends, which has around four million users, because they hold so much critical information. There is no guaranteed way to prevent hackers from accessing this data, but there are solutions that protect the valuable information itself. Al ....
Chris DeRamus, Co-founder & CTO, DivvyCloud
May 12, 2020
Companies such as MobiFriends should follow the principle of least-privileged access.
Within the last year, we’ve seen a number of dating apps and sites suffer from major security incidents, such as Heyyo, 3Fun, and Coffee Meets Bagel. These online dating platforms collect and store extremely sensitive information on their users, making them an attractive target to data-hungry cybercriminals. MobiFriends has exposed personal data on millions of users including email addresses, m ....
Ben Goodman, Senior Vice President, Global Business and Corporate Development, ForgeRock
May 11, 2020
Not only does this ensure security, but it also provides users with frictionless, secure digital experiences.
It is always troubling to hear about passwords being stolen in a data breach, especially when the stolen passwords are hashed with MD5, which is infamous for no longer being cryptographically secure. Passwords and usernames have been the primary method of authenticating users for years. However, to ease the pain of remembering multiple sets of login credentials, users fall into the practice of reu ....
Scott Gordon, CMO, Pulse Secure
May 11, 2020
Keep in mind that personal and corporate email accounts were exposed in this MobiFriends breach.
The MobiFriends breach is noteworthy beyond fueling the ever-growing volume of consumer PII and login credentials available on the dark web. As consumers often recycle passwords, the enterprise can be at risk from account takeover attacks. Passwords alone are no longer adequate to verify user access. Keep in mind that personal and corporate email accounts were exposed in this MobiFriends breac ....
Robert Prigge, CEO, Jumio
May 11, 2020
Cybercriminals can easily obtain these details, pretend to be the real user and commit online dating scams and attacks.
By exposing 3.6 million user email addresses, mobile numbers, gender information and app/website activity, MobiFriends is giving criminals everything they need to execute identity theft and account takeover. Cybercriminals can easily obtain these details, pretend to be the real user and commit online dating scams and attacks, such as catfishing, extortion, stalking and sexual assault. Because onli ....

