-
A cybercriminal group is claiming to have stolen some internal data from Bumble and personal info of millions from Match Group, the company that runs Tinder and Hinge.
-
Both companies said, yeah, there were some security issues, but the main user databases, private chats, and financial stuff are still safe and sound.
-
Some researchers checked out the leaked info and found user profile details out in the open. It just goes to show how vulnerable your info can be on these dating apps.
Cybercriminals seem to have placed a target on dating apps this week. Two major dating app companies are investigating cyberattacks. This comes after the hacking organization claimed that they had hacked Bumble and Match Group data.
The Incidents: Phishing and Claims of Massive Leaks
Bumble and Match Group recently dealt with serious cybersecurity events. The ShinyHunters cybercrime group is taking credit for both attacks.
Bumble’s issue started with a contractor. A spokesperson told Bloomberg that hackers got in by tricking a contractor with a phishing attack. They managed to get into a small part of Bumble’s network, but only for a short time. The company says they cut off access almost immediately.
They also stressed a critical point. The breach did not affect the main member database, user accounts, or the Bumble app itself. Private messages and dating profiles were also safe.
Also, Match Group, Tinder, Hinge, and OkCupid’s parent company, told Bloomberg that their database was compromised, but only a small portion of user info got exposed. They are currently trying to reach the affected customers to let them know what happened.
Additionally, Match said there’s no evidence that any login or credit card information or private messages were accessed as a result of the breach.
Hackers Broadcast Their Claims on the Dark Web
Despite the companies’ assurances, ShinyHunters made big claims. They posted about both attacks on their dark web leak site.
The same shadowy ecosystem where other criminal operations are routinely targeted by global law enforcement, as seen in the recent FBI disruption of a dark web operation behind the Qantas airline hack.
For Bumble, they reportedly leaked thousands of internal documents. These included files marked as restricted or confidential. The group said they got this data mainly from Google Drive and Slack. For Match, the claim was even larger. ShinyHunters said they accessed a huge trove of 10 million records.
Researchers reviewed data samples attached to the hackers’ posts. Their findings were concerning. The samples contained personal customer information and some employee details. They also included internal corporate data.
One sample linked to Hinge had documents listing user matches. It also had about 100 records of matched users’ profile info. This included names and biographical descriptions.
Other files had lists of dating profiles and logs of profile changes. Some records were duplicates or test data. Researchers also noted some files didn’t clearly identify which app they came from.
Why Dating Apps Are a Prime Target
This isn’t a random attack. ShinyHunters is a known, financially motivated threat actor. They are famous for high-impact campaigns. They have previously targeted major companies in insurance, retail, and aviation.
Just earlier in September, the FBI warned about hackers linked to ShinyHunters. They were extorting organizations for big ransoms after stealing data from cloud provider Salesforce. The group also recently claimed an attack on data analytics firm Mixpanel.
There is no doubt that the trend is clear; dating applications are being used more frequently by cybercriminals due to the vast amount of data these platforms manage. It’s a means to access the personal information of millions of people, which is like a goldmine for hackers.
This goldmine extends far beyond social platforms, as seen in the recent, massive breach of a key Swedish IT firm that exposed the data of 1.5 million people, underscoring the universal value of personal data in the criminal underworld.
We have seen other examples this year. Last July, the dating app Tea said hackers accessed about 72,000 user images. These included selfies used for identity verification.
In September, a Brazilian dating app called Sapphos completely shut down. This happened after users found a flaw that exposed sensitive personal data.
The digital dating world is built on sharing personal details. That makes it a treasure chest for hackers. Companies must guard that chest with extreme care. Users are now watching closely to see how these giants respond.
