Data Breaches
Hackers claim to access 10M dating app records in latest data breach
User data downloaded on dating apps

Hackers claim to access 10M dating app records in latest data breach

Kaelee Nelson, M.A. (Digital Humanities) | Data Analyst & Researcher
Kaelee Nelson, M.A. (Digital Humanities) | Data Analyst & Researcher Author
Updated on 2 min read

Match Group is investigating claims by the ShinyHunters cybercrime group that sensitive data from its dating platforms—including Hinge, OkCupid, and Match.com—was exposed in a recent security incident.

Key details

  • Attackers claim access to 10+ million records tied to dating app usage
  • Data samples include user IDs, IP addresses, transaction metadata, and profile information
  • No evidence so far of exposed passwords or direct payment credentials, per Match Group
  • Incident may involve a third-party analytics data flow, not core app systems

What happened

The ShinyHunters group alleges it obtained over 1.7GB of compressed data associated with Match Group dating apps. According to researchers who reviewed samples attached to the claim, the files contain dating profile text, match records, subscription transaction metadata, IP addresses, phone numbers, and authentication tokens.

The attackers suggest the data originated from AppsFlyer, a mobile marketing analytics platform. AppsFlyer has denied any breach, stating that its systems were not compromised. Match Group says it acted quickly to terminate unauthorized access and is notifying affected users where appropriate.

How it works

  • Third-party analytics platforms receive behavioral and transaction data from apps
  • If exposed, attackers can correlate IDs, profile details, and payments
  • This enables personalized phishing, romance scams, or impersonation
  • Authentication tokens may allow session abuse even without passwords

Why this matters for dating app users

Dating platforms hold uniquely sensitive information: personal interests, relationship history, location signals, and emotional context. Even when passwords are not exposed, profile data can be weaponized in highly targeted scams or extortion attempts.

With deepfakes and sophisticated social-engineering techniques on the rise, cybercriminals can weaponize leaked personal data to craft highly convincing fraud and impersonation schemes, contributing to widespread scam exposure across the U.S. Dating-related data leaks raise the stakes because attackers can tailor messages that feel deeply personal and psychologically convincing.

💡
OmniWatch Tip for Dating App Users
Scam attempts increasingly reference personal details scraped from breaches. If a message feels “too specific to be random,” pause before responding.

What to do now

  1. Log out of all active sessions on dating apps
  2. Change passwords and enable multi-factor authentication
  3. Be skeptical of messages referencing your dating activity or subscriptions
  4. Monitor financial accounts for unusual charges
  5. Report suspicious communications to ReportFraud.ftc.gov

OmniWatch continuously monitors the dark web for mentions of your personal information and checks whether your email address appears in known data breaches. It also helps detect phishing links and suspicious communications before they reach you, reducing the need to stay on constant high alert and making it easier to spot real threats without second-guessing every message.

Get started with OmniWatch

Stay protected as cyber threats continue to evolve.

Sources

  1. Cybernews investigation: cybernews.com