Hackers leak data from 2.28 million MeetMindful users

Millions of Dating Site Users Meet had some nasty news on Sunday. ZDNet reported that the hacker group ShinyHunters, the same group that leaked millions of the user records of the company that listed the “Camp Auschwitz” shirts, emptied what appears to be data from the dating site’s user database. The leak allegedly contains the sensitive information of more than 2.28 million registered users of the site.

According to ZDNet, the 1.2 gigabyte file was shared as a free download “on a publicly accessible hacking forum known for its pirated database business.”. “ It included loads of sensitive and identifiable users information, including real names, email addresses, city, state and zip code, dates of birth, IP addresses, Facebook IDs, and Facebook authentication tokens, among others. The messages, however, were not exposed.

The point of sale, which included screenshots of the file posted to the hacker forum as well as a small sample of the data on display, points out that not all disclosed accounts include all user details. Nonetheless, he said the leaked information could be used to link individuals‘dating profiles to their real world identities. The hacking forum on which the data was posted has been viewed over 1,500 times. Depending on the point of sale, it is still available for download.

ZDNet said it was made aware of the leak by a security researcher, whom it did not name, earlier this week. He added that he reached out to MeetMindful on Thursday to request comment on the matter but had not received a response in days.

Gizmodo also reached out to MeetMindful to ask them about the reported hack. We will make sure to update this blog if we have a response.

According to his Crunchbase profile, MeetMindful is a dating platform for “people who love health, wellness and mindfulness”. It was founded in 2013, is based in Denver, Colorado, and is still active.

This is where it starts to get a little weird, however. The site listing social media channels have been inactive for months, which is interesting given that the main dating apps growth during the pandemic. I mean, don’t they want to encourage their users to date them (safely)? From the outside, the service looks like a dead zone. Who knows though, it could be all the rage inside the site itself.

It is not known if MeetMindful notified the incident to its users. If that’s true, users should know it so they can be on the lookout for suspicious activity and change usernames and passwords as needed. Bottom line: get moving.

[ZDNet]