The dating apps Bumble and Match have been attacked by the cybercriminal group known as ShinyHunters, responsible for compromising internal data from multiple large companies. According to reports, the group has added both companies to its data leak site, claiming the theft of thousands of documents classified as restricted and confidential, primarily sourced from Google Drive and Slack.
Sometimes dates don’t go well
Bloomberg reports that Bumble, which also operates Badoo and BFF, contacted authorities after one of its contractors’ accounts was compromised in a phishing incident. A spokesperson for Bumble stated that the attackers were able to unauthorizedly access a small portion of their network, but they do not believe that member data, including accounts, direct messages, or profiles, has been affected.
For its part, Match confirmed that it suffered a cyber incident on January 28, which impacted a limited amount of user data. The company is notifying the affected individuals and assured that there is no evidence that access credentials, financial information, or private communications have been compromised.
ShinyHunters has been in the spotlight recently for its successful attacks on several large companies and for its focus on data exfiltration, having abandoned the practice of ransomware. This group has been targeting single sign-on platforms like Okta and Microsoft, and there are warnings for organizations, especially in the United States, about phishing attempts by individuals impersonating technical support staff.