(Yicai Global) Dec. 4 -- Chinese social media network Momo has questioned the authenticity of leaked data from 30 million of its users for sale on the dark web.
The data available is inaccurate compared with the actual details of its users, Beijing-based Momo Technology said in a statement, while several media outlets that ran their own tests found the data to be incorrect.
Reports emerged yesterday on a WeChat-based media outlet that details of 30 million users including passwords and phone numbers were available via the dark web for USD50.
The seller stated that the data was acquired via dictionary attack, a brute force attack technique for defeating a cipher or authentication mechanism, meaning that time-sensitive accuracy of the data was not guaranteed.
A dictionary attack works by trying all the possible strings in a dictionary prepared by the hacker to collected leaked pairs of usernames and passwords online. Chinese recruitment site 51Job reported a similar attack after its own data appeared for sale on the web for 12 bitcoins in June.
Momo uses a high-intensity, one-way hash algorithm in which user passwords are unidirectionally encrypted into ciphertext and cannot be restored to plaintext, the company said, adding that it is not possible to directly obtain users' plaintext login credentials directly from its database.
"Momo uses multiple verification mechanisms including password verification and device authentication to protect user information," the firm said. "Anyone who tries to log in to a Momo account on other devices with only mobile phone number and password will trigger different information verification."
The case of Momo is the latest in a string of cases that have plunged data security into the spotlight. Personal information of 500 million guests of China's Huazhu Hotels was leaked in August. Another hotel chain Mariott International confirmed last week that data related to up to 500 million guests had also been breached.