Researchers have discovered that private data of six million users of the popular astrology and moon tracking app Moonly has been leaked online.
According to experts at Cybernews, the data exposed includes birth dates, exact GPS locations and email addresses of users, as well as IP addresses and login information of employees.
The GPS locations where users created their accounts were part of the leak, meaning many users’ home or work addresses were exposed, as well as over 90,000 customer email addresses. As is always the case with leaks of sensitive information, this leaves users vulnerable to threat actors exploiting the data, which could result in reputational damage. Identity theftor financial losses.
Russian ties
Cosmic Vibrations, the company behind Moonly, claims to be based in San Francisco (USA), but researchers have found reasons why this may not be entirely true.
The employee data contained in the leak showed that employees primarily accessed the systems from the Russian Federation, Belarus and Indonesia and that the database entries predominantly contained Russian surnames.
The social media accounts of Moonly founders and employees appear confirm Most of them were educated in Russia, and a few still live there. The app’s Google Play store redirects anyone who clicks on the developer’s website to a Russian landing page. Despite this, the Delaware-registered organization insists it is based in the US and “operates globally with a diverse team of employees around the world.”
It is unclear whether this leak was due to incompetence or malicious intent, but Cosmic Vibrations says it has taken action: “The issue was quickly resolved to prevent further complications and protect our users’ data.”
As the latest in a seemingly never-ending stream of Data breachesthe leak could have serious consequences for users. If you are concerned about this or any other data leak, it may be worth taking a look at the best identity theft protection for familiesor if you are looking for a different type of online protection, take a look at our guide to best internet security suites.