Hacker leaks data from 2.28 million dating users

A well-known hacker this week disclosed the details of more than 2.28 million registered users on MeetMindful.com, a dating site founded in 2014, ZDNet learned this week from a security researcher.

Data from the dating site was shared as a free download on a publicly accessible hacking forum known for its hacked database business.

The leaked data, a 1.2 GB file, appears to be a dump of the site’s user database.

The contents of this file include a wealth of information that users provided when setting up profiles on the MeetMindful site and mobile apps.

Some of the more sensitive data points included in the file include:

• Real names
• Email addresses
• City, state and zip code details
• Body details
• Dating Preferences
• Civil status
• Dates of birth
• Latitude and longitude
• IP addresses
• Bcrypt hashed account passwords
• Facebook user ID
• Facebook authentication tokens

Messages exchanged by users were not included in the disclosed file; however, this does not make the whole incident less sensitive.

While not all leaked accounts contain all of the details, for many MeetMindful users, the data provided can be used to trace their dating profiles back to their actual identity.

When we asked MeetMindful for comment Thursday via Twitter, a spokesperson for MeetMindful redirected our request to an email address that we haven’t received a response from for three days.

In the meantime, the thread on which the MeetMindful data was leaked has been viewed more than 1,500 times and probably downloaded, in many cases.

The data is still available for upload to the public file hosting site where it was originally uploaded.

The site’s data was released by a threat actor who goes online as ShinyHunters, who also earlier this week disclosed details of millions of registered users on Teespring, a web portal that allows users to create and sell custom printed clothing.

A request for comment sent to an email address previously used by ShinyHunters did not receive a response.

The leak of this highly sensitive data is an imminent problem for site users and the main reason MeetMindful needs to notify account holders.

In recent years, many cybercrime groups have engaged in a practice called sextortion, in which they collect data leaked from dating sites and contact site users, threatening to expose their profiles and dating history. to their family or co-workers unless they are paid a ransom demand.