MobiFriends breach highlights need to use caution on dating apps

Malea Lamb-Hall 11 May 2020

Popular dating apps have become hot spots for hackers

While online dating apps have grown increasingly popular over the past 10 years, they’ve also become a hot spot for hackers.

The latest breach, disclosed Friday, involved the exposure of 3.5 million users’ personal details from the online app MobiFriends. The good news – for users, at least – is that the data leaked online didn’t contain any private messages, images or sexually related content. The bad news: A plethora of other sensitive details were exposed – everything from email addresses to mobile numbers, dates of birth, gender information, usernames, website activity, and, most concerningly, passwords.

The passwords were secured with MD5, a hashing function that is less robust and more easily cracked than more modern alternatives, making users vulnerable to spear-phishing attacks or other extortion attempts. The leaked credentials can also be used in brute-force password attacks against accounts on other websites where MobiFriends users might have used the leaked logins, according to a report in ZDNet.
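For developers on the storage side, here is an added example (not code from MobiFriends or the ZDNet report) of why the hash choice matters. It assumes the legacy records are unsalted MD5, which the report does not specify, and shows identical passwords producing identical records, then each record being upgraded to salted scrypt at the next successful login. The `md5$`/`scrypt$` record prefixes, function names and cost parameters are illustrative.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune per deployment)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def legacy_md5(password: str) -> str:
    """Legacy record format assumed here: bare, unsalted MD5 hex digest."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()


def scrypt_hash(password: str, salt: bytes = b"") -> str:
    """Salted, memory-hard hash; the random salt is stored beside the digest."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify(password: str, stored: str) -> bool:
    """Check a password against either record format in constant time."""
    scheme, _, rest = stored.partition("$")
    if scheme == "md5":
        candidate = legacy_md5(password)
    elif scheme == "scrypt":
        salt_hex = rest.partition("$")[0]
        candidate = scrypt_hash(password, bytes.fromhex(salt_hex))
    else:
        return False
    return hmac.compare_digest(candidate, stored)


def login(db: dict, user: str, password: str) -> bool:
    """Verify, then transparently upgrade a legacy MD5 record to scrypt."""
    stored = db.get(user)
    if stored is None or not verify(password, stored):
        return False
    if stored.startswith("md5$"):
        db[user] = scrypt_hash(password)  # fresh random salt per user
    return True


# Constructed sample data: two users who picked the same password.
db = {"alice": legacy_md5("sunshine1"), "bob": legacy_md5("sunshine1")}
same_before = db["alice"] == db["bob"]        # unsalted: records are identical
login(db, "alice", "sunshine1"); login(db, "bob", "sunshine1")
same_after = db["alice"] == db["bob"]         # salted: records now differ
```

Accounts that never log in again keep their legacy record, so a migration like this is usually paired with a forced reset for dormant users.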

While this is the most recent example of popular dating apps posing security risks, it’s not the first and likely not the last. Grindr and Tinder, for example, have suffered multiple data breaches in recent years. Security flaws in Grindr enabled people to zero in on user locations down to within a few hundred feet. Grindr claimed to have resolved the issue, but researchers later cut through the fix and discovered users’ locations – even those of users who had opted out of letting Grindr share their location data. Similarly, the use of non-HTTPS protocols created a security vulnerability for Tinder in recent years, making it possible for an attacker to intercept traffic between a user’s mobile device and the company’s servers.

In another case, researchers found that Android versions of Bumble and OkCupid stored sensitive data without proper protection, allowing hackers to use Facebook authorization tokens to gain full access to accounts.

All of which underscores the need to exercise caution when sharing information on any apps – particularly dating apps – and watch out for suspicious activity or interactions. Here are a few tips to consider:

  • Don’t reuse passwords: Users should change passwords on every account, especially where they use the same login details as the MobiFriends app.
  • Never share your full name, address, or place of work in your profile.
  • Do not link your account on a dating app to other accounts such as Facebook, Instagram, Twitter or WhatsApp. Hackers can connect your social media profile to your online dating one.
  • For accounts that connect with your email, don’t use your everyday email address. Instead, use a separate, anonymous email just for that specific app or relationship.