Cyber: Match Group Breach Exposes Data From Hinge, Tinder, Okcupid, And Match

Match Group, the owner of multiple popular online dating services, Tinder, Match.com, Meetic, OkCupid, and Hinge, confirmed a cybersecurity incident that compromised user data.

The company stated that hackers stole a "limited amount of user data" after the ShinyHunters threat group leaked 1.7 GB of compressed files allegedly containing 10 million records of Hinge, Match, and OkCupid user information, as well as internal documents.

In a statement to BleepingComputer, a spokesperson for Match Group confirmed the incident.

"We are aware of claims being made online related to a recently identified security incident," the company spokesperson said.

"Match Group takes the safety and security of our users seriously and acted quickly to terminate the unauthorized access."

The company said the investigation into the incident is in progress with the help of external experts, and that there is no indication that the hackers accessed user log-in credentials, financial information, or private communications.

"We believe the incident affects a limited amount of user data, and we are already in the process of notifying individuals, as appropriate," Match Group says.

Match Group is a giant in online dating, generating annual revenue of $3.5 billion, and the active user base across all its apps is estimated to be more than 80 million.

This latest incident is part of a new ShinyHunters voice phishing (vishing) campaign targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google across over a hundred high-value organizations, using links to supposedly internal login portals.

In the case of Match Group, BleepingComputer was told that the attacker stole data after compromising an Okta SSO account that gave them access to the company's AppsFlyer marketing analytics instance and Google Drive and Dropbox cloud storage accounts.

Source: BleepingComputer