Investigators have discovered that private data belonging to six million users of the popular astrology and moon-tracking app Moonly was leaked online.
The data discovered includes birth dates, exact GPS locations and email addresses of users, as well as IP addresses and employee credentials, according to Cybernews experts.
GPS locations of where users created their accounts were part of the leak, meaning many users’ home or work addresses were revealed, as well as over 90,000 customer email addresses. As is always the case with leaks of sensitive information, this leaves users vulnerable to threat actors exploiting the data, creating a risk of reputational damage. Identity theftor financial loss.
Russian ties
Cosmic Vibrations, the company behind Moonly, has said it is based in San Francisco, US, but researchers have found reason to believe that figure may not be entirely accurate.
The employee data included in the leak revealed that employees accessed their systems primarily from the Russian Federation, Belarus and Indonesia, and that records in the databases featured predominantly Russian surnames.
The social media accounts of Moonly's founders and staff appear to… confirm Most of them were formed in Russia, and a few remain based there. The app's Google Play store directs anyone who clicks through to the developer's site to a Russian landing page. Despite this, the Delaware-registered organization insists it is based in the United States and “operates globally with a diverse team of employees located around the world.”
It's unclear whether this leak was the result of incompetence or malice, but Cosmic Vibrations says it has taken action, stating: “The issue was quickly resolved to avoid further complications and safeguard our users' data.”
As the latest in what seems to be an endless stream of Data breachesthe leak could have serious consequences for its users. If you are concerned about this or any other data leak, it may be worth taking a look at the The best protection against identity theft for familiesOr if you're looking for a different type of online protection, why not take a look at our guide on The best internet security suites.