30 Million Momo Users May Be Affected By Data Leak

Momo
  • Contributed by:
  • Views: 163

As internet usage grows, so does the number of devastating data breaches that expose sensitive personal information. The online dating industry is no stranger to hacks hoping to exploit the extensive amount of personal data users share in their profiles, with services like FriendFinder Networks, Ashley Madison, Mate1 and Plenty of Fish falling victim to high profile attacks.

The latest company to join that list is Momo, one of China’s most popular dating apps. Data from 30 million users of the app is reportedly for sale on the Chinese dark web for just CNY 200 (approximately $30 USD).

In a post published on Sina Weibo on December 3, user @lxghost1989 shared a series screenshots entitled “database of 30 million Momo users” with a comment saying, “Momo’s database is quite cheap.” The data for sale includes phone numbers and passwords, and was supposedly obtained on July 17, 2015 via a method known as credential stuffing. This technique uses stolen account credentials - typically username and password pairs - to fraudulently gain access to other accounts that use the same login credentials. Individuals who use identical usernames and passwords across multiple accounts are highly vulnerable to this kind of attack.

TechNode reported on the post but was unable to verify the claims made by the Weibo user.

Momo responded with a statement saying that the matching rate for data is “quite low.” Even if credentials contained in the data leak do match a Momo account, the company told TechNode, it’s impossible for others to use the leaked data because any attempt to log in on a different device would trigger a verification message sent via text to the rightful account owner. The statement did not deny that the leak occurred.

It’s also possible the user information for sale is illegitimate or outdated, leading its low price tag. The seller included a disclaimer stating they cannot guarantee the validity of the data and will not offer a refund once the information is sold. Despite this warning, the images show the data package has been purchased three times to date.

This news comes at the same time as Momo released its Q3 2018 earnings report. The Beijing-based company revealed that its revenue for the third quarter jumped 51 percent while its net income inched up nearly 8 percent year-over-year.

"I am pleased that we delivered solid operational and financial results for the quarter," commented Yan Tang, Chairman and CEO of Momo. "At the same time we continued to push forward on product and operational fronts, in order to build up longer term growth drivers as we start to look beyond 2018 into next year."

Looking forward, Momo said it expected revenue to reach between 3.655 billion yuan and 3.755 billion yuan in the fourth quarter, representing an increase of 43 to 47 percent. Whether the data breach will take a toll on those numbers remains to be seen.