Hackingblogs : Employee passwords and an incredible amount of users’ GPS locations have been exposed by the Moonly app. Additionally, the disclosure raises the possibility that the supposedly US-based corporation may actually be run mostly out of Russia.
The Cybernews research team found a publicly accessible Google Cloud Storage bucket on June 18. The bucket belonged to Cosmic Vibrations Inc., a corporation that manages Moonly, an astrological app, and controls lunar tracking.
A database backup from April 19, 2024 was kept in the bucket. Six million Moonly users’ confidential information was exposed in this backup, including the precise GPS coordinates of user account creation.
Aras Nazarovas, a security researcher at Cybernews, stated that “it is possible that the GPS location of where people registered their accounts would match the GPS location of their residences, meaning that the consequences may be similar to revealing their home address.”
Among the stolen information were:
- Ideas for AI-generated visuals
- AI-generated inspirational messages
- AI-generated interpretations of Tarot cards
- GPS coordinates of the account creation location
- Birth dates and astrological details
- Metadata from user devices
- Ninety thousand clients’ email addresses
- Credentials of employees and IP addresses
This confidential information could be used by malicious parties in focused attacks. Some of the compromised employee passwords might still be cracked even though they were hashed with a somewhat safe procedure. Attackers may gain access to more sensitive data from other company systems and take control of employee accounts if they managed to breach security.
Cosmic Vibrations was established in 2020 and is based in San Francisco, California. Still, experts have concluded that the company is genuinely run out of Russia as a result of the data leak.
Employees of the company accessed Moonly’s systems from Indonesia, Belarus, and the Russian Federation, according to a leaked database backup. None of them connected from US home IP addresses,
References in the bucket’s name and the Russian surnames of the “Admin” users mentioned in the data tables were additional clues that connected the program to Russia.
Unaware app users may be transferring their data to Russian organisations and supporting a corporation that is owned by Russia in the middle of Russia’s aggression on Ukraine and other cyber frontiers as well as international economic sanctions against Russia.
According to leaked backend data, it is highly possible that the service is run entirely, or at least mostly, out of Russia. If this information had been openly disclosed to users, it might have prevented users from using the app for political purposes given the current geopolitical environment, according to Nazarovas.
