Hacker leaks data of 2.28 million dating site users | ZDNet
Data belongs to dating site MeetMindful and includes everything from real names to Facebook account tokens, and from email addresses and geo-location information.
Catalin Cimpanu
By Catalin Cimpanu for Zero Day | January 24, 2021 -- 12:54 GMT (12:54 GMT) | Topic: Security
meetmindful-forum.png
Image: ZDNet
A well-known hacker has leaked the details of more than 2.28 million users registered on MeetMindful.com, a dating website founded in 2014, ZDNet has learned this week from a security researcher.
SECURITY
Remove yourself from the internet, hide your identity, and erase your online presence
Remove yourself from the internet, hide your identity, and erase your online presence
Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.
Read More
The dating site's data has been shared as a free download on a publicly accessible hacking forum known for its trade in hacked databases.
Also: Best VPNs • Best security keys • Best antivirus
The leaked data, a 1.2 GB file, appears to be a dump of the site's users database.
The content of this file includes a wealth of information that users provided when they set up profiles on the MeetMindful site and mobile apps.
Some of the most sensitive data points included in the file include:
Real names
Email addresses
City, state, and ZIP details
Body details
Dating preferences
Marital status
Birth dates
Latitude and longitude
IP addresses
Bcrypt-hashed account passwords
Facebook user IDs
Facebook authentication tokens
meetmindful-db-sample.png
Image: ZDNet
Messages exchanged by users were not included in the leaked file; however, this does not make the entire incident less sensitive.
While not all leaked accounts have full details included, for many MeetMindful users, the provided data can be used to trace their dating profiles back to their real-world identities.
When we reached out for comment to MeetMindful on Thursday via Twitter, a MeetMindful spokesperson redirected our request to an email address from where we have not heard back for three days.
In the meantime, the forum thread where the MeetMindful data was leaked has been viewed more than 1,500 times and most likely downloaded, in many cases.
The data is still available for download on the public file-hosting site where it was initially uploaded.
The site's data was released by a threat actor who goes online as ShinyHunters, who earlier this week also leaked the details of millions of users registered on Teespring, a web portal that lets users create and sell custom-printed apparel.
A request for comment sent to an email address previously used by ShinyHunters was not answered.
The leak of this highly sensitive data represents a looming issue for the site's users and the main reason why MeetMindful needs to notify account holders.
Over the past few years, many cybercrime groups have engaged in a practice called sextortion, where they take data leaked from dating sites and contact site users, threatening to expose their dating profiles and history to family or work colleagues unless they're paid a ransom demand.
Catalin Cimpanu
By Catalin Cimpanu for Zero Day | January 24, 2021 -- 12:54 GMT (12:54 GMT) | Topic: Security
meetmindful-forum.png
Image: ZDNet
A well-known hacker has leaked the details of more than 2.28 million users registered on MeetMindful.com, a dating website founded in 2014, ZDNet has learned this week from a security researcher.
SECURITY
Remove yourself from the internet, hide your identity, and erase your online presence
Remove yourself from the internet, hide your identity, and erase your online presence
Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.
Read More
The dating site's data has been shared as a free download on a publicly accessible hacking forum known for its trade in hacked databases.
Also: Best VPNs • Best security keys • Best antivirus
The leaked data, a 1.2 GB file, appears to be a dump of the site's users database.
The content of this file includes a wealth of information that users provided when they set up profiles on the MeetMindful site and mobile apps.
Some of the most sensitive data points included in the file include:
Real names
Email addresses
City, state, and ZIP details
Body details
Dating preferences
Marital status
Birth dates
Latitude and longitude
IP addresses
Bcrypt-hashed account passwords
Facebook user IDs
Facebook authentication tokens
meetmindful-db-sample.png
Image: ZDNet
Messages exchanged by users were not included in the leaked file; however, this does not make the entire incident less sensitive.
While not all leaked accounts have full details included, for many MeetMindful users, the provided data can be used to trace their dating profiles back to their real-world identities.
When we reached out for comment to MeetMindful on Thursday via Twitter, a MeetMindful spokesperson redirected our request to an email address from where we have not heard back for three days.
In the meantime, the forum thread where the MeetMindful data was leaked has been viewed more than 1,500 times and most likely downloaded, in many cases.
The data is still available for download on the public file-hosting site where it was initially uploaded.
The site's data was released by a threat actor who goes online as ShinyHunters, who earlier this week also leaked the details of millions of users registered on Teespring, a web portal that lets users create and sell custom-printed apparel.
A request for comment sent to an email address previously used by ShinyHunters was not answered.
The leak of this highly sensitive data represents a looming issue for the site's users and the main reason why MeetMindful needs to notify account holders.
Over the past few years, many cybercrime groups have engaged in a practice called sextortion, where they take data leaked from dating sites and contact site users, threatening to expose their dating profiles and history to family or work colleagues unless they're paid a ransom demand.