Chinese Social Network Momo Refutes Accuracy of Leaked Data for Sale on Dark Web
Xu Wei
/SOURCE : yicai
Chinese Social Network Momo Refutes Accuracy of Leaked Data for Sale on Dark Web

(Yicai Global) Dec. 4 -- Chinese social media  network Momo has questioned the authenticity of leaked data from 30  million of its users for sale on the dark web.

The data available is inaccurate compared with the  actual details of its users, Beijing-based Momo Technology said in a  statement, while several media outlets that ran their own tests found  the data to be incorrect.

Reports emerged yesterday on a WeChat-based media  outlet that details of 30 million users including passwords and phone  numbers were available via the dark web for USD50.

The seller stated that the data was acquired via  dictionary attack, a brute force attack technique for defeating a cipher  or authentication mechanism, meaning that time-sensitive accuracy of  the data was not guaranteed.

A dictionary attack works by trying all the  possible strings in a dictionary prepared by the hacker to collected  leaked pairs of usernames and passwords online. Chinese recruitment site  51Job reported a similar attack after its own data appeared for sale on  the web for 12 bitcoins in June. 

Momo uses a high-intensity, one-way hash algorithm  in which user passwords are unidirectionally encrypted into ciphertext  and cannot be restored to plaintext, the company said, adding that it is  not possible to directly obtain users' plaintext login credentials  directly from its database.

"Momo uses multiple verification mechanisms  including password verification and device authentication to protect  user information," the firm said. "Anyone who tries to log in to a Momo  account on other devices with only mobile phone number and password will  trigger different information verification."

The case of Momo is the latest in a string of cases  that have plunged data security into the spotlight. Personal  information of 500 million guests of China's Huazhu Hotels was leaked in  August. Another hotel chain Mariott International confirmed last week  that data related to up to 500 million guests had also been breached.

Follow Yicai Global on
Keywords: MOMO , Internet Security , Dictionary attack