Well-known hacker group ShinyHunters has leaked online a 1.2-gigabyte file containing the details of more than 2.28 million users from the dating website MeetMindful.com.
According to a report from ZDNet, the data breach has been made available as a free download and contains sensitive information ranging from real names and birthdays, emails, IP addresses to dating preferences, body details, marital status, and even Facebook authentication tokens.
Some of the most sensitive data points included in the file include:
- Real names
- Email addresses
- City, state, and ZIP details
- Body details
- Dating preferences
- Marital status
- Birth dates
- Latitude and longitude
- IP addresses
- Bcrypt-hashed account passwords
- Facebook user IDs
- Facebook authentication tokens
Fortunately, no credit card details or private messages between users have been included in the file, but this doesn’t mean that the provided data cannot be used as a means to trace back the dating profiles to the users’ real identities.
Keith Gruen, co-owner of the Denver-based startup, confirmed the leak in a blog post:
“We are deeply sorry that this has happened, and want to be as candid and transparent as possible about what occurred, who was affected, and how we’re moving forward.”
According to the post, “the accessed information is roughly 6mo old” and the company is closely “working with others involved in this breach”. While Gruen did not confirm the number of users affected by the hack, he did assure that even though the hackers have managed to exploit “a now-closed vulnerability in its system”, the company has, fortunately, “identified the vulnerability and immediately resolved it.”
So far the data has not been taken down from the public hacking forum where it was initially uploaded and has been viewed more than 1.500 times.