Researchers have uncovered private data of six million users of the popular Moonly astrology and lunar tracking app leaked online.
The uncovered data includes dates of birth, exact GPS locations, and email addresses of users, as well as employee IP addresses and credentials, by experts at Cybernews.
The GPS locations of where users created their accounts was part of the leak, meaning many users’ home or work addresses were disclosed, as well as over 90,000 customer email addresses. As is always the worry with sensitive information leaks, this leaves users vulnerable to threat actors exploiting the data, leading to a risk of reputational damage, identity theft, or financial loss.
Russian Ties
Cosmic Vibrations, the company behind Moonly, listed its headquarters in San Francisco, USA, but researchers have uncovered reasons to believe that may not be entirely accurate.
The employee data included in the leak revealed that employees primarily accessed their systems from the Russian Federation, Belarus, and Indonesia, with primarily Russian surnames in database records.
The social media accounts of Moonly founders and staff seem to confirm most were educated in Russia, with a handful still based there. The app’s Google Play Store directs anyone clicking on the developer’s site to a Russian landing page. Despite this, the Delaware-registered organization insists it is US based, which ‘operates globally with a diverse team of employees located around the world.’
It’s unclear whether this leak was the result of incompetence or malice, but Cosmic Vibrations says it has taken action, stating, “The problem was resolved quickly to prevent any further complications and to safeguard our users’ data”.
As the latest in what seems to be a never-ending stream of data breaches, the leak could have serious consequences for its users. If you’re concerned about this or any other data leak, it may be worth taking a look at the best identity theft protection for families, or if you’re after a different kind of online protection, why not take a look at our guide to the best internet security suites.