
Moonly app exposed location of 6M users; potential Russian ties


The data of millions of users of Moonly, an astrology app, has been leaked. The list includes sensitive data such as GPS locations, birth dates, and email addresses, among others. Furthermore, it seems that the team in charge of the app hid close ties with Russia.

Moonly is a popular app among astrology fans. It boasts about 6 million users around the world. However, the company concealed details about its management, although the data leak may be the more serious problem. Cybernews, a platform focused on cyber security, posted some worrying findings.

Leaked data of Moonly app users includes addresses, email, and birth dates

In mid-June, the source found a database that was publicly available on Google Cloud. The file belongs to Cosmic Vibrations Inc., the parent company of the Moonly app. According to the report, it included Moonly’s database backup from April 19, 2024. From there, the Cybernews team was able to easily access the data of 6 million users. The leaked data includes: “Prompts for AI-generated images, AI-written motivational messages, AI-generated Tarot card readings, GPS locations of where the account was created, dates of birth, astrological information, user device metadata, email addresses of 90,000 customers, employee credentials, and IP addresses.”

The leak of GPS locations is especially serious. The vast majority of people probably created their Moonly account from home, so their addresses are freely available on the internet without their knowledge. In addition, data such as birth dates and email addresses would facilitate hacking attempts by malicious parties. But that’s not all, as the database also included Moonly’s admin team credentials.

Interestingly, the employees’ passwords were protected using hashing. However, that’s still less secure than encryption, so the source was able to crack some of the passwords. This means that a malicious third party could have done the same to take control of Moonly’s entire database and access even more sensitive data.

Moonly management allegedly works from Russia

The report also revealed Moonly’s management ties to Russia. In fact, everything points to the company running the app from outside the United States. Meanwhile, they were trying to hide it using infrastructure from the US and EU. The leaked list of IP addresses confirmed that all Moonly employees log in to their accounts from the Russian Federation, Belarus, and Indonesia. There is no record of employees logging in from the US.

Also, the leaked employee credentials show that the employees with “Admin” status have Russian surnames. It’s notable that the company never spoke publicly about its management. However, using US and EU infrastructure while managing the app from other countries suggests an attempt to evade sanctions in the current context of Russia’s attack on Ukraine.

The US government has already issued hundreds of sanctions against Russia and affiliated businesses. Recently, all Kaspersky software products were banned from the country. There is still no official word from the Moonly team about these findings.
