The recent data breach involving Moonly, a widely used astrology application, has raised significant concerns among its user base and the broader cybersecurity community. With approximately 6 million users worldwide, the app has become a staple for astrology enthusiasts, but the revelation of sensitive data leaks has cast a shadow over its operations.
Leaked Data of Moonly App Users Includes Addresses, Email, and Birth Dates
In mid-June, Cybernews, a platform dedicated to cybersecurity insights, uncovered a publicly accessible database on Google Cloud, linked to Cosmic Vibrations Inc., the parent company of Moonly. This database, a backup from April 19, 2024, contained a wealth of sensitive user information. Among the data exposed were:
- Prompts for AI-generated images
- AI-written motivational messages
- AI-generated Tarot card readings
- GPS locations of account creation
- Birth dates and astrological information
- User device metadata
- Email addresses of approximately 90,000 customers
- Employee credentials
- IP addresses
The leak of GPS locations is particularly alarming, as many users likely created their accounts from their homes, inadvertently exposing their addresses online. Additionally, the disclosure of birth dates and email addresses poses a heightened risk for potential hacking attempts. The database also revealed admin team credentials, raising further security concerns.
While employee passwords were hashed, which offers some level of protection, this method is less secure than encryption, and some of the hashed passwords were in fact cracked, suggesting that a malicious entity could potentially gain access to Moonly’s entire database and sensitive information.
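The point about hashed passwords still being cracked turns on how the hashing was done. The following is an added illustration, not code from Moonly or from the Cybernews report, and the sample password in it is constructed. It contrasts the weak pattern (a single fast, unsalted SHA-256 pass, where two users with the same password end up with identical stored values and each guess costs almost nothing) with the hardened pattern (a per-user random salt plus the memory-hard scrypt KDF from Python's standard `hashlib`, verified in constant time).

```python
import hashlib
import hmac
import os

# Constructed sample password for the demonstration; not taken from the breach.
SAMPLE_PASSWORD = "Spring2024!"

# scrypt cost parameters (assumed reasonable defaults for this illustration):
# N=2**14, r=8, p=1 needs 128*N*r = 16 MiB per hash, which slows bulk guessing.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2**14, 8, 1, 32


def fast_unsalted_hash(password: str) -> str:
    """Weak pattern: one unsalted, fast SHA-256 pass over the password.

    Identical passwords produce identical digests, so one cracked digest
    exposes every user who chose that password, and precomputed tables work.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def scrypt_hash(password: str, salt: bytes = b"") -> str:
    """Hardened pattern: random per-user salt + memory-hard scrypt.

    Returns 'scrypt$<salt hex>$<digest hex>' so the salt travels with the
    record; the cost parameters are fixed constants in this illustration.
    """
    if not salt:
        salt = os.urandom(16)
    digest = hashlib.scrypt(
        password.encode("utf-8"),
        salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN,
    )
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_scrypt(password: str, stored: str) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    try:
        scheme, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "scrypt":
        return False
    candidate = hashlib.scrypt(
        password.encode("utf-8"),
        salt=bytes.fromhex(salt_hex),
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN,
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def same_password_same_record(hasher, password: str) -> bool:
    """True if two accounts with the same password store an identical value.

    This is the property that makes unsalted hashes cheap to attack at scale
    and that per-user salting removes.
    """
    return hasher(password) == hasher(password)


if __name__ == "__main__":
    print("unsalted SHA-256 collides across users:",
          same_password_same_record(fast_unsalted_hash, SAMPLE_PASSWORD))
    print("salted scrypt collides across users:   ",
          same_password_same_record(scrypt_hash, SAMPLE_PASSWORD))
    record = scrypt_hash(SAMPLE_PASSWORD)
    print("verify correct password:", verify_scrypt(SAMPLE_PASSWORD, record))
    print("verify wrong password:  ", verify_scrypt("not-it", record))
```

Hashing in this form is not a substitute for keeping the backup off the public internet; it only raises the cost of turning a leaked credential store into working passwords.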
Moonly Management Allegedly Works from Russia
Adding another layer of complexity to the situation, the report indicated that Moonly’s management may have ties to Russia. Evidence suggests that the company operates from outside the United States while utilizing infrastructure based in the US and EU, possibly to obscure its true location. The leaked IP addresses indicated that employees logged in primarily from the Russian Federation, Belarus, and Indonesia, with no records of access from the US.
Furthermore, the leaked employee credentials revealed that individuals with “Admin” status bore Russian surnames. Notably, Moonly has not publicly disclosed details about its management structure. The use of US and EU infrastructure, coupled with operations from other countries, raises questions about potential attempts to circumvent sanctions amid the ongoing geopolitical tensions related to Russia’s actions in Ukraine.
As the US government continues to impose sanctions against Russia and its affiliated businesses, including the recent ban on Kaspersky software products, the lack of an official response from Moonly’s team regarding these findings leaves users and stakeholders in a state of uncertainty.