Online dating sites have been a common target for hackers in recent years. Last week another company fell victim. A threat actor who goes by the moniker ShinyHunters leaked data from more than two million users of MeetMindful. The Denver-based company, founded in 2015, confirmed the breach in a recent notification to the site’s users.

Keith Gruen, one of MeetMindful’s founders, said in the user notification that “a well-known hacker was able to exploit a now-closed vulnerability in our system” that allowed the export of “an outdated version of a list of basic user information.” Gruen added that the leak applied to information for users who signed up to the site prior to March 2020.

ShinyHunters posted the 1.2 gigabytes of user data as a free download on a popular hacker forum site. Included in the dump were users’ real names, email and physical addresses, IP addresses, Facebook user IDs, and Facebook authentication tokens, among other data. The company said no credit card or payment information was compromised.

A Known and Prolific Threat Actor

ShinyHunters emerged last year as a significant new threat actor. A profile noted that in the first two weeks of May 2020, the hacker claimed credit for putting up more than 73 million user records for sale on the dark web. Targets included 30 million credentials from the dating app Zoosk and 8 million user records from Home Chef.

Just months later, ShinyHunters made headlines again when he posted 386 million user records from 18 different companies online, this time for free. At the time, the hacker claimed he had made enough money in previous hacks and could afford to give the stolen data away without charge.

ShinyHunters has been active this year as well. Along with MeetMindful user data, the hacker posted personal data from millions of customers of the WalMart-owned online Bonobos menswear brand, registered users of Teespring, a web portal for creating and selling custom-printed apparel, and users of the online photo editing site Pixlr.

Soft Targets for Hackers

Online dating sites have long been a popular target for cybercriminals. Tinder, Match.com and PlentyofFish all experienced attacks in 2015. Just last year, a security team from Check Point Research analyzed security at OkCupid, one of the largest online dating communities. It found easily exploitable vulnerabilities that threatened OkCupid’s 50 million registered users.

Dating sites and mobile apps gather and store sensitive information on millions of users. This information is a treasure trove for hackers, who can steal it directly or gain access to it using a variety of social engineering techniques. This data can then be sold or distributed, or used as the basis for a targeted ransomware attack. Fortunately, OkCupid was able to patch their vulnerabilities before they could be exploited.

Protect Your Digital Health

Data leaks are quite common. They can occur at companies large and small. Every time you provide your email or other personal information to an online entity, you trust that they will keep it safe. As the Check Point team discovered with OkCupid, security measures are not always as comprehensive as they should be.

It’s a common feature of good digital hygiene to change your passwords frequently. You might not hear about a data leak until long after your personal information has been compromised. It’s also important not to recycle passwords. If your information does leak, attackers could easily use it to gain access to your credentials on other sites. Always use strong, unique passwords.

SecureData has been an industry leader in secure data storage, remote drive management and data recovery services for more than a decade. Our products and services provide a comprehensive security solution that includes offline encrypted storage and backup systems, remote drive management and rigorous endpoint protection.

Call us at 1-424-363-8535 to learn more about how our award-winning SecureDrive devices and software solutions keep your most sensitive information protected and contribute to a clean bill of digital health.

Comments are closed.