The personal data of 30 million users of one of China's most popular dating apps is reportedly available online for just 200 yuan (30 US dollars), in the latest example of the security challenges facing tech companies.
In a post on Sina Weibo published Monday, user @lxghost1989 says “Momo's database is so cheap,” while attaching pictures that appear to show mobile phone numbers and password information.
The images suggest the data comes from July 2015, with the unnamed “seller” even issuing a disclaimer saying there is no guarantee the passwords are still valid, and that there will be no refunds.
Comments under the post by other users suggest the data is being sold on the “dark web.”
Momo Inc., which listed on Nasdaq in December 2014, issued a statement in response to the alleged data leak, saying that the “matching rate of the data was quite low,” referring to the chances of a password and phone number in the leaked information matching up.
The statement, which notably contained no denial of the leak, added that user accounts were safe, because attempting to log in from an unknown device would send an automated verification text message to the real user's mobile phone.
However, for users who have not changed their passwords in the past three years and use the same passwords across multiple apps and online accounts, the data breach represents a genuine risk.
The company's stock price, which has fallen by almost 40 percent since June, was largely unaffected by the hack reports, increasing by more than 5.5 percent as other major China-related stocks saw strong gains on Monday.
Momo's data hack reports come just days after Marriott revealed as many as 500 million customers of the hotel giant may have had their data leaked.
In October, Hong Kong-based airline Cathay Pacific admitted to a data leak which potentially affected millions of passengers, while August saw China's Huazhu Group (a hotel chain behind brands like Hanting Express) admit up to 130 million guests' data may have been compromised.
Last week, the China Consumers' Association (CCA) published a report that found 91 of 100 surveyed mobile apps were collecting excessive amounts of personal data from users, despite China implementing a national standard on protecting personal information in May, which specifies requirements on collection, preservation, use and circulation of personal data.