MobiFriends
| Primary URL | Location | Industry |
|---|---|---|
| mobifriends[.]com | Country: Spain | Entertainment |
Profile
MobiFriends, also operating as MobiFriends Solutions, is a mobile dating application provider headquartered in Spain. The company's core service is a platform designed to facilitate connections and communication between users seeking personal relationships. Its primary market consists of individuals using smartphone applications for dating and social interaction. The platform's operational scope is defined by its mobile application ecosystem, which collects and manages user profile information to enable matchmaking and messaging features. To connect users, the service necessarily handles sensitive personal data, including contact details, demographic information, and user-generated activity logs.
A defining and publicly documented event in the organisation's history is a significant security incident that occurred on or before January 1, 2019. This breach resulted in the compromise of personal data belonging to millions of users of the MobiFriends application. The exfiltrated data included email addresses, mobile phone numbers, dates of birth, genders, usernames, details of user activity on the platform, and passwords. A critical weakness was the storage of passwords using weak MD5 hashing, a deprecated cryptographic method that is easily cracked. The stolen dataset was subsequently leaked publicly on the internet. Analysis of the leaked data revealed that it contained professional email addresses associated with employees of major corporations. Because password reuse is common, this substantially increased the risk of targeted spear-phishing attacks, extortion attempts, and credential-stuffing campaigns against those organisations.

The precise origin of the breach, whether through exploitation of server-side vulnerabilities or access to an exposed database, remains undetermined. Notably, MobiFriends did not issue any public statement acknowledging the security incident, even after independent third-party researchers verified the authenticity of the leaked data. This lack of public response is a distinguishing characteristic of the organisation's handling of a major data security failure affecting its user base.
