Dating Site Hacked, Leads To Private Data Leak of 2.2 Million Users

Privacy of over two million people is at stake as a huge date leak has been reported this week. MeetMindful.com a dating website’s data of more than 2.28 million users has leaked. This website was founded in 2014. Some of the sensitive data has been shared as a free download, which was publicly accessible on hacking forum. This forum is known for its trade in hacked databases.

These were the data points that were publicly accessible-

1) Real names

2) Email addresses

3) City, state, and ZIP details

4) Body details

5) Dating preferences

6) Marital status

7) Birth dates

8) Latitude and longitude

9) IP addresses

10) Bcrypt-hashed account passwords

11) Facebook user IDs

 12) Facebook authentication tokens

The leak came to light after vpnMentor’s research team recently received a report from an anonymous ethical hacker about a massive data leak exposing users of over 70 adult dating and e-commerce websites from around the world.

The various websites were all using the same marketing software built by email marketing company Mailfire — who was responsible for the leak.

The software in question had been compromised through an unsecured Elasticsearch server, exposing people all over the world to dangers like identity theft, blackmail, and fraud.

Upon further investigation, it turned out that some of the sites exposed in the data leak were scams, set up to trick men looking for dates with women in various parts of the world.

Messages exchanged by users were not included in the leaked file; however, this does not make the entire incident less sensitive.

It was said that not all leaked accounts have full details included, for many MeetMindful users, the provided data can be used to trace their dating profiles back to their real-world identities.

On Thursday, a spokesperson redirected our requests to an email address to reach out for comment to MeetMindful. And there was no reply from them for three days.

In the meantime, the forum thread where the MeetMindful data was leaked has been viewed more than 1,500 times and most likely downloaded, in many cases.

On the public file-hosting site, the data is still available for download where it was initially uploaded. A threat actor who goes online as shinyhunters released the Teespring, a web portal’s millions of users details and was selling custom-printed apparel.

 A request for comment sent to an email address previously used by ShinyHunters was not answered as well.

The leak of this highly sensitive data represents an emerging issue for the site’s users and the main reason why MeetMindful needs to notify account holders. This act is not new, over the past few years, many cybercrime groups have engaged in a practice called sextortion, where they take data leaked from dating sites and contact site users, threatening to expose their dating profiles and history to family or work colleagues unless they’re paid a ransom demand.