[BreachExchange] Dating Service Suffers Data Breach

Destry Winant destry at riskbasedsecurity.com
Wed Apr 21 10:32:21 EDT 2021 

https://www.infosecurity-magazine.com/news/dating-service-suffers-data-breach/

Men's social networking website and online dating application Manhunt
has suffered a data breach.

According to a security notice filed with the office of the Washington
attorney general on April 1, the 20-year-old site was compromised in a
cyber-attack that took place in February 2021.

An unauthorized third party downloaded personal information belonging
to some Manhunt users after gaining access to the company's account
credential database.

The compromised database contained customers' usernames, email
addresses, and passwords. After discovering that a breach had
occurred, Manhunt performed a forced reset of all users' passwords.

Manhunt began notifying users of the security incident last month. The
company did not say how many of the approximately 6 million men who
use the site had been impacted by the attack.

In the notice of data breach, Manhunt revealed that the personal
information of an estimated 7,714 Washington residents had been
affected.

The breach was discovered by Manhunt on March 2. An investigation into
the incident revealed that the attacker(s) had downloaded customers'
data at the beginning of February.

"On March 2, 2021, Manhunt discovered that an attack gained access to
a database that stored account credentials for Manhunt users," wrote
the company in the notice.

"The attacker downloaded the usernames, email addresses and passwords
for a subset of our users. We immediately took steps to remediate the
threat and reset the passwords of affected users."

Following the breach, Manhunt retained a third-party forensics
consultant "to assist us in investigating what happened and confirm
that there is no ongoing unauthorized access to our systems."

The company said that no evidence had been found to suggest that
users' pictures, messages, or other information from their profiles
had been accessed by the hacker.

No payment card information was exposed because of the incident as
Manhunt doesn't transmit or store this type of information.

The company warned users to be on the lookout for phishing messages
from threat actors impersonating Manhunt or claiming to have
information about users. Customers were reminded that the company
would never ask them for their password or other sensitive information
over email.

More information about the BreachExchange mailing list