A hacking group recently leaked the data of 2.28 million MeetMindful daters, reported ZDNet. The hackers, a group called ShinyHunters, stole and released various information such as Facebook tokens, email addresses, and geo-location.
The group uploaded the stolen data to a hacking forum, which is publicly accessible. The file, which is 1.2 gigabytes in size, is also free to download. This makes user information such as real names, contact information, body details, dating preferences, birth dates, and IP addresses.
However, ZDNet noted that instant messages exchanged by users were not included in the leak. Moreover, not all affected accounts had their full information stolen and leaked.
MeetMindful is a dating site that highlights wellness and “intentional living,” according to Threat Post.
The report noted that these pieces of information can be used to find the real-world identities of the dating site’s users. Moreover, threat actors can use these details for various criminal activities such as identity theft and fraud.
As of the report, the hacking forum thread has been viewed more than 1,500 times. It is also likely to have been downloaded many times. The file also remains to be available for download.
ZDNet contacted MeetMindful on Twitter but was told to send an email. No response has been reported.
The dating site leak has opened discussions about the increase in “sextortion” cases in which hackers steal information and threaten the exposure of data if users refuse to pay the ransom.
Security researchers remarked that dating apps and sites have been the target of cybercriminals.
Senior Manager of Security Solutions at Lookout Hank Schless said, “Cyberattackers are increasingly targeting individuals on dating platforms across both mobile and desktop.”
He added, “They’re doing this because these apps are a treasure trove of personal data that requires a lot of device permissions such as location, access to the camera and access to contacts in order to work.”
Aside from MeetMindful details, ShinyHunters has also leaked the information of Teespring users affecting millions of users. Other victims of the group include Homechef, Chatbooks, Chronicle.com, Tokopedia, and GitHub.
Regarding the method of hacking, Threat Post noted that the technique remains unknown. However, expert analysis by Cymulate chief technology officer Avihai Ben-Yossef said that it could be a result of cloud misconfiguration, which calls for cloud hygiene.
Some ways to counter this includes two-factor authentication, good certificate, and identity store management.