Finding love online just got a lot more complicated. A major new security breach has hit the parent company of Hinge, Match.com, and OkCupid, potentially exposing the private details of millions of daters. The notorious hacking group “ShinyHunters” claims to have stolen over 10 million records—data that could allegedly shine a very public spotlight on users’ private lives. If you’ve ever swiped or messaged on these apps, read on to find out exactly what was taken and how this leak could make you a prime target for sophisticated scams and phishing attacks.
The scale of the data breach
The cybercrime world was put on high alert after the ShinyHunters gang announced they had successfully infiltrated the networks associated with some of the world’s most popular dating apps. Following their usual playbook, the hackers used a dark web forum, typically reserved for showcasing ransomware victims, to broadcast their latest haul.
The group’s blog post was direct about the scope of the theft: “Over 10 million records of Hinge, Match, and OkCupid usage data from Appsflyer and hundreds of internal documents,” the attackers claimed.
According to the hackers, the loot consists of roughly 1.7GB of compressed data. The phrasing used in the leak suggests that the information was pulled from AppsFlyer, a widely used mobile marketing and analytics tool. This is a significant detail, as Match Group (the US-based tech giant behind Hinge, OkCupid, and Match.com) relies on such platforms to track user engagement. Curiously, while Match Group also owns Tinder and Plenty of Fish, the hackers did not name those specific platforms in this particular leak.
In response to the claims, Match Group confirmed they are working with outside specialists to probe the incident. While they acknowledge a security event took place, they are currently downplaying the severity regarding sensitive personal info.
“We are aware of claims being made online related to a recently identified security incident. Match Group takes the safety and security of our users seriously and acted quickly to terminate the unauthorized access,” a Match Group spokesperson said in a statement.
The company’s initial audit suggests that the “crown jewels” of user privacy might still be safe. “We continue to investigate with the assistance of external cybersecurity experts. There is no indication that user log-in credentials, financial information, or private communications were accessed. We believe the incident affects a limited amount of user data, and we are already in the process of notifying individuals, as appropriate,” the spokesperson added.
While the hackers pointed toward AppsFlyer, the analytics firm has been quick to deny any fault, stating the breach did not happen on their watch. “Any suggestion that AppsFlyer was the source of the incident, or that data was exposed due to a compromise of AppsFlyer’s systems, is misleading and inaccurate, and may be damaging to AppsFlyer,” a representative for the company clarified.
What user data was exposed?
The Cybernews research team, which reviewed the data samples shared by ShinyHunters, says the leaked files contain a mix of user, employee, and internal corporate information. The samples linked to Hinge include documents listing matches, roughly 100 user profiles with names and bios, subscription and transaction details, and records tied to blocked app installs showing IP addresses and locations.
Researchers also found phone numbers and authentication tokens that did not appear to be duplicated. Beyond Hinge, the dataset appears to include in-app purchase records from Vividi, a video-based dating app, along with OkCupid documents related to app debugging, employee email lists, and internal company materials such as partner contracts.
How risky are dating app data leaks?
While the data samples currently posted by ShinyHunters on the dark web aren’t big in size, security analysts warn that this is likely just a “proof of life” for a much larger, more damaging dataset. For now, the full extent of the Match Group breach remains unconfirmed, but the potential fallout is already casting a long shadow over the digital dating world.
On the business side, a breach of this scale shatters the fragile bond of user trust, a commodity that is the lifeblood of dating apps, which handle some of the most intimate details of our personal lives. For the users themselves, the danger isn’t just a stolen password; it’s the personal nature of the data.
“The data leak could have a noticeable impact on the users involved. Dating profile information can be used to craft personally catered fraud campaigns and scams that may have a stronger psychological effect than an average phishing email,” the Cybernews research team explained.
Because dating profiles reveal our interests, our vulnerabilities, and our specific lover types, hackers can move beyond generic spam. Instead, they can build highly convincing, targeted scams designed to manipulate victims emotionally, making this type of exposure far more dangerous than a standard retail hack.
Source: Cybernews