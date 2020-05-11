It was announced this morning that email addresses, mobile numbers, dates of birth, gender information, usernames, app/website activity and passwords of 3,688,060 users registered on the MobiFriends dating app have been posted online earlier this year and are now available for download. The data was obtained in a security breach that took place in January 2019, according to a hacker who initially put the data up for sale on a hacking forum. Details about how the MobiFriends hack and how the app’s user data was obtained are currently unknown.
EXPERTS COMMENTS
Chris DeRamus , Co-founder & CTO, DivvyCloud
May 11, 2020
These online dating platforms collect and store extremely sensitive information on their users, making them an attractive target to data-hungry cybercriminals. MobiFriends has exposed personal data on millions of users including email addresses, mobile numbers, dates of birth, gender information, and app activity as well as account usernames and passwords. The leaked data and compromised credentials are more than enough information for cybercriminals to launch sophisticated phishing and brute-force attacks against all impacted users. This is especially concerning given that so many users lack strong password hygiene across personal and work accounts. Additionally, some of the emails leaked belong to individuals from high profile companies like Virgin Media, Experian, and Walmart, who could getblackmailed with extortion attempts. To keep customer data and credentials protected from malicious actors, organizations must implement advanced cloud security measures. Companies such as MobiFriends should follow the principle of least-privileged access when provisioning identity and access management (IAM) permissions by providing checks to restrict identities from being able to access more than they are granted. This can be accomplished by employing automated security tools that continuously protect systems and servers from IAM vulnerabilities, as well as misconfigurations, policy violations, and other threats to ensure holistic security and compliance. Additionally, organizations should implement multi-factor authentication (MFA) for all users, securely manage service accounts and their corresponding keys, and enforce best practices for the use of audit logs and cloud logging roles.
