Members of the popular dating site MeetMindful encountered bitter news over the weekend after the cybercriminals group ShinyHunters leaked private data of more than 2.28 million of the site’s registered users. According to a report, the hacker group shared a file (1.2 GB in size) for free download on the darknet marketplace, where breached databases are traded. It was found that hackers posted an advertisement with a sample of data on the dark web as proof of compromise.
The leaked file included massive sensitive user information such as names, email addresses, birth dates, city, state, ZIP codes, dating preferences, marital status, IP addresses, Bcrypt-hashed account passwords, Facebook user IDs, and Facebook authentication tokens. However, the private messages between the users were not exposed in the incident.
The Breach Impact
The exposure of sensitive data may bring severe consequences to the MeetMindful account holders. The data dump is freely available on the darknet, and cybercriminals can easily misuse the dating profiles for personal gains. Attackers can also compromise users’ accounts by committing spear-phishing or credential-stuffing attacks on users whose data has been exposed in the incident. It is suspected that the leaked file has been viewed more than 1,500 times and likely downloaded several times.
ShinyHunters vs. Data Leaks
Recently, the operators of ShinyHunters traded databases of three India-based enterprises – ClickIndia, ChqBook, and WedMeGood – on Darknet forums. The data dump contained over 8 million records of ClickIndia (name, email, mobile and other personal details), 1 million records of ChqBook (name, email, mobile, full address, and other personal details), and 1.3 million from WedMeGood (name, email, hashed password, other sensitive personal information).