[BreachExchange] Hacker leaks data of 2.28 million dating site users

Destry Winant destry at riskbasedsecurity.com
Tue Jan 26 10:26:06 EST 2021


https://www.zdnet.com/article/hacker-leaks-data-of-2-28-million-dating-site-users/

A well-known hacker has leaked the details of more than 2.28 million
users registered on MeetMindful.com, a dating website founded in 2014,
ZDNet has learned this week from a security researcher.

The dating site's data has been shared as a free download on a
publicly accessible hacking forum known for its trade in hacked
databases.

The leaked data, a 1.2 GB file, appears to be a dump of the site's
users database.

The content of this file includes a wealth of information that users
provided when they set up profiles on the MeetMindful site and mobile
apps.

Some of the most sensitive data points included in the file include:

Real names
Email addresses
City, state, and ZIP details
Body details
Dating preferences
Marital status
Birth dates
Latitude and longitude
IP addresses
Bcrypt-hashed account passwords
Facebook user IDs
Facebook authentication tokens

Image: ZDNet

Messages exchanged by users were not included in the leaked file;
however, this does not make the entire incident less sensitive.

While not all leaked accounts have full details included, for many
MeetMindful users, the provided data can be used to trace their dating
profiles back to their real-world identities.

When we reached out for comment to MeetMindful on Thursday via
Twitter, a MeetMindful spokesperson redirected our request to an email
address from where we have not heard back for three days.

In the meantime, the forum thread where the MeetMindful data was
leaked has been viewed more than 1,500 times and most likely
downloaded, in many cases.

The data is still available for download on the public file-hosting
site where it was initially uploaded.

The site's data was released by a threat actor who goes online as
ShinyHunters, who earlier this week also leaked the details of
millions of users registered on Teespring, a web portal that lets
users create and sell custom-printed apparel.

A request for comment sent to an email address previously used by
ShinyHunters was not answered.

The leak of this highly sensitive data represents a looming issue for
the site's users and the main reason why MeetMindful needs to notify
account holders.

Over the past few years, many cybercrime groups have engaged in a
practice called sextortion, where they take data leaked from dating
sites and contact site users, threatening to expose their dating
profiles and history to family or work colleagues unless they're paid
a ransom demand.


More information about the BreachExchange mailing list