Millions of users of the dating site MeetMindful got some unpleasant news on Sunday. ZDNet reported that the hacker group ShinyHunters, the same group who leaked millions of user records for the company that listed the “Camp Auschwitz” shirts, has dumped what appears to be data from the dating site’s user database. The leak purportedly contains the sensitive information of more than 2.28 million of the site’s registered users.
According to ZDNet, the 1.2 gigabyte file was shared as a free download “on a publicly accessible hacking forum known for its trade in hacked databases.” It included troves of sensitive and identifiable user information, including real names, email addresses, city, state, and ZIP code details, birth dates, IP addresses, Facebook user IDs, and Facebook authentication tokens, among others. Messages, however, were not exposed.
The outlet, which included screenshots of the file posted to the hacker forum as well as a small sample of the data exposed, highlights that not all the leaked accounts include the user’s full details. Nonetheless, it stated that the information leaked could be used to link individuals’ dating profiles to their real-world identities. The hacking forum where the data was posted has been viewed more than 1,500 times. Per the outlet, it is still available for download.
ZDNet said it was informed of the leak by a security researcher, who it did not name, earlier this week. It added that it had contacted MeetMindful on Thursday to ask for a comment on the matter but had not received a response for days.
Gizmodo has also gotten in touch with MeetMindful to ask it about the reported hack. We’ll make sure to update this blog if we hear back.
According to its Crunchbase profile, MeetMindful is a dating site platform for “people who are into health, well-being, and mindfulness.” It was founded in 2013, is based in Denver, Colorado, and is still active.
Here’s where it starts to get a little strange, though. The site’s listed social media channels have been inactive for months, which is interesting considering that major dating apps have been growing during the pandemic. I mean, don’t they want to encourage their users to date (safely)? From the outside, the service seems like dead zone. Who knows though, it could be all the rage inside the site itself.
It is unclear whether MeetMindful has notified its users of the incident. If it’s true, users need to know so that they can be on the lookout for suspicious activity and change logins and passwords if necessary. Bottom line: Get moving.