According to Risk Based Security, the data of around 4 million users has been stolen or hacked from dating apps.
The security vendor said it found the stolen data listed for free on a prominent hacking forum. Earlier it had been on sale.
The data of around 3.7 million users of MobiFriend, a Barcelona-based dating app, is among the stolen data. This information was originally posted by a threat actor named “DonJuji,” but is attributed to a breach in January 2019.
“The MD5 encryption algorithm is known to be less robust than other modern alternatives, potentially allowing the encrypted passwords to be decrypted into plaintext,” warned Risk Based Security.
“Moreover, the data leak contains professional email addresses related to well-known entities including: American International Group (AIG), Experian, Walmart, Virgin Media and a number of other F1000 companies. This creates a notable risk of business email compromise as well as potential spear-phishing campaigns.”
“The increase in records compromised was driven largely by one breach; a misconfigured Elasticsearch cluster that exposed 5.1 billion records. However, even if we adjusted for this incident, the number of records still increased 48% compared to Q1 2019,” said Inga Goddijn, executive vice-president at Risk Based Security.
“Hacking exposed an average of approximately 850,000 records per breach and most breaches originated from outside the organization. We are continually finding that simply meeting regulatory standards or contractual obligations does little to actually prevent a breach from occurring.”