Hackers are always on the move, lurking in the dark, targeting platforms to find weaknesses to exploit.
When they find one, they will try to exploit it, to then move in quickly in order to steal whatever they can, and get out before the alarm is triggered.
And this time, a hacker managed to steal, and then leak the details of more than 2.28 million users registered on MeetMindful.com, a dating website founded in 2014.
According to ZDNet that first reported it from a security researcher, the dating site's data has been shared as a free download on a publicly accessible hacking forum known for trading hacked databases.
The leaked data that comes as a file 1.2GB in size, appears to be a dump of the site's users database, and contains a wealth of sensitive information the users have provided when they set up profiles on the MeetMindful site and mobile apps.
The hacker that goes online with the name 'ShinyHunters', is already a well-known individual in the underground community, and has been involved in several data breaches in the past.
According to the report, MeetMindful users have the following data leaked:
- Real names.
- Email addresses.
- City, state, and ZIP details.
- Body details.
- Dating preferences.
- Marital status.
- Birth dates.
- Latitude and longitude.
- IP addresses.
- Bcrypt-hashed account passwords.
- Facebook user IDs.
- Facebook authentication tokens.
Messages exchanged between users weren't leaked.
While not all leaked accounts have all the details included, due to the fact that not all of the users provided them to MeetMindful, but still, the leaked data can be used to trace their dating profiles back to their real-world identities.
As a result, this kind of data can be used by malicious actors to conduct 'sextortion', which is a practice where leaked data is used to threaten the users unless the malicious actors are paid.
This kind of sensitive data can also be used to scam victims, or even harass them.
In the meantime, MeetMindful has posted a warning on its website, stating it had sent an email to all users that were affected by this incident.
It explained that only users who registered prior to March 2020 were affected by this data breach. Users who joined the platform after that date, or those who have updated their profiles, weren't affected.
MeetMindful also said that it has addressed the vulnerability in its system, and said that it "was able to export an outdated version of a list of basic user information."