A significant data breach impacting the “Flat Earth Sun, Moon and Zodiac” mobile application has exposed the personal information of over 33,000 users. This incident highlights the critical importance of secure coding practices and robust data protection measures in all applications, regardless of their subject matter.
I. Overview of the Breach
On October 15, 2024, a security vulnerability within the Flat Earth Sun, Moon and Zodiac app allowed unauthorized access to a substantial amount of user data. This breach was added to the Have I Been Pwned (HIBP) database on March 2, 2025, bringing the incident to wider public attention. The compromised data encompasses a wide range of sensitive personal information, posing a significant risk to affected users.
II. Data Compromised
The leaked data includes:
- Personally Identifiable Information (PII): Names, email addresses, dates of birth, and genders.
- Location Data: Geographic locations (latitudes and longitudes).
- Account Credentials: Usernames and passwords. Critically, passwords were stored in plain text, significantly increasing the risk of account takeover and identity theft.
III. Number of Affected Users
A total of 33,294 unique user accounts were affected by this data breach. This substantial number underscores the widespread impact of the security failure.
IV. Cause of the Breach
The primary cause of the breach is attributed to insecure coding practices and inadequate data protection measures within the application. The storage of passwords in plain text is a particularly egregious security flaw. Further investigation may reveal additional contributing factors.
V. Recommendations for Affected Users
Users of the Flat Earth Sun, Moon and Zodiac app are strongly advised to take the following steps:
- Change Passwords Immediately: Update passwords on all accounts, especially those using the same password as the compromised app. Utilize strong, unique passwords.
- Monitor Accounts: Regularly check accounts for any unauthorized activity or suspicious login attempts.
- Enable Two-Factor Authentication (2FA): Where available, enable 2FA on all online accounts to add an extra layer of security.
- Report Suspicious Activity: Report any suspicious activity to the relevant authorities and service providers.
This data breach serves as a reminder of the necessity for developers to prioritize data security and implement robust security measures throughout the entire application development lifecycle. The lack of basic security protocols in this instance has resulted in a significant compromise of user privacy and security.
