MobiFriends Breach Affects 3.68M Users, Data Sold on Dark Web


After a security breach in 2019, dating application MobiFriends is now under fire after experiencing yet another incident. According to ZD Net, the data reportedly obtained from the January 2019 breach are now up for sale on the dark web, compromising the personal information of 3.68 million users.

MobiFriends is an online and mobile dating application geared towards helping users meet other people from around the globe.


Risk Based Security (RBS) first found the dating company’s information online in April 2020. In an interview with ZD Net, security researchers of RBS confirmed the data by cross-matching the compromised information against the data found on the MobiFriends website.

MobiFriends Data Breach

The personal details of the aforementioned users are now available for download, putting the individuals at risk. In the same way, the data of these users are still being shared on a variety of platforms, notes ZD Net.


Among the compromised information are email addresses of users, mobile numbers, dates of birth, gender, usernames, and app and website activity. Passwords, secured only with MD5, otherwise known as a generally weak hashed protection, were also made vulnerable to the public.

While personal details may have been compromised, ZD Net states that the users’ messages on the platform, as well as other compromising images or sexual-related content, were not revealed.

Prior to being made available for download, ThreatPost revealed the user credentials were sold on an underground platform dated January 12, 2020. The seller was hiding under the username ‘DonJuji.’ The RBS team attributes the selling to the 2019 data breach.

However, the sharing of the data on the same platform this April 2020 was attributed to a different threat actor.

Besides the credentials of users, Risk Based Security said that there were other huge firms and companies affected by the breach. Among these are Fortune 1000 companies, such as American International Group (AIG), Experian, Virgin Media, Walmart, and many others.

Following the incident, security researchers state that individuals and companies alike are now vulnerable to hacking and phishing incidents. Moreover, these users may also fall victim to other targeted attacks, such as extortion, identity theft, and other malicious campaigns launched by attackers.

As of writing, the Barcelona-based dating firm MobiFriends has yet to issue a statement on the incident. The company has likewise turned down requests for comment on the issue, despite repeated requests and reach outs by various companies such as RBS, ThreatPost, and ZD Net.