Coffee Meets Bagel, a dating and social networking app/website has become the latest victim of a data breach after hackers exposed around 6 million users’ personal information. The San Francisco–based company stated that unknown intruders compromised the users’ information and exposed it on the dark web marketplace.
Coffee Meets Bagel notified all the affected users about the incident in an email. The exposed information included users’ names, location, gender, addresses, email addresses, and other personal information, the Independent reported.
“We recently discovered that some data from your Coffee Meets Bagel account may have been acquired by an unauthorized party. Once we became aware, we quickly took steps to determine the nature and scope of the problem. We have engaged forensic security experts to conduct a review of our systems and infrastructure,” the company said in an email statement.
Coffee Meets Bagel also stated that it’s going to enhance the security measures to better detect and prevent unauthorized access to its systems in the future.
Dating apps have been a prime target for hackers. Research by Kaspersky Lab, on analyzing several dating apps, revealed that the dating apps transmit unencrypted user data over insecure HTTP protocol risking user data exposure. According to researchers, the reason for the vulnerability was due to applications using third-party ready-to-go advertising Software Development Kits (SDKs), popular among advertising networks. Researchers while digging deeper found that most of the data were sent out unencrypted and over HTTP, making the data highly vulnerable while travelling through servers. Lack of encryption may mean that the data can be deciphered and intercepted by anyone.
The researchers suggested that these data can be modified and can be infused with malware endangering the user data. They also advised users to follow preventative measures like checking app permissions and using VPNs.