Over 3.6M Users Impacted In Dating App Breach – Expert Commentary

Dating apps require users to disclose, detailed and often sensitive, personal information, a relative gold mine for various types of attacks and threat actors. In the case of MobiFriends, mobile numbers, dates of birth, gender, usernames, passwords, user interests and their activity for over 3.6 million users were breached and posted on the dark web. This information could be used in delivering more targeted attacks against individual users but the breach also disclosed the corporate email addresses of the users, attributing them to many, well-known, F1000 companies. What is more concerning is the potential for sensitive information, specifically around the behaviors and activities of the users, that could be leveraged to extort individuals who may not want that information exposed. Although the initial breach vector has yet to be disclosed, it was likely a weakness in app infrastructure and/or source code. It is quite telling that the app is available in Google Play but not the App Store as Apple conducts an in depth security review of apps before being allowed on the platform. Regardless of the cause, it is crucial for companies to have full visibility into their technology infrastructure and source code so they can rapidly detect security threats and find exposed vulnerabilities before attackers do. When a breach of this scale occurs, it reminds us of the necessity for businesses to have a strong security posture.  Read Less

Within the last year, we’ve seen a number of dating apps and sites suffer from major security incidents, such as Heyyo, 3Fun, and Coffee Meets Bagel. These online dating platforms collect and store extremely sensitive information on their users, making them an attractive target to data-hungry cybercriminals. MobiFriends has exposed personal data on millions of users including email addresses, mobile numbers, dates of birth, gender information, and app activity as well as account usernames and passwords. The leaked data and compromised credentials are more than enough information for cybercriminals to launch sophisticated phishing and brute-force attacks against all impacted users. This is especially concerning given that so many users lack strong password hygiene across personal and work accounts. Additionally, some of the emails leaked belong to individuals from high profile companies like Virgin Media, Experian, and Walmart, who could getblackmailed with extortion attempts. To keep customer data and credentials protected from malicious actors, organizations must implement advanced cloud security measures. Companies such as MobiFriends should follow the principle of least-privileged access when provisioning identity and access management (IAM) permissions by providing checks to restrict identities from being able to access more than they are granted. This can be accomplished by employing automated security tools that continuously protect systems and servers from IAM vulnerabilities, as well as misconfigurations, policy violations, and other threats to ensure holistic security and compliance. Additionally, organizations should implement multi-factor authentication (MFA) for all users, securely manage service accounts and their corresponding keys, and enforce best practices for the use of audit logs and cloud logging roles.  Read Less