Crypto hacking collective ShinyHunters claims that it has leaked more than 10 million user records from Match Group-owned dating apps Match, Hinge, and OKCupid.
As reported by Lithuanian outlet Cybernews, according to the group’s dark web blog, the stolen data includes user ID’s, IP addresses, and “other sensitive information.”
The post also suggests that the data was procured via mobile analytics platform AppsFlyer.
Cybernews’ research team was able to assess the stolen data and found an array of personal information, corporate records, and transaction data.
Read more: French crypto tax firm targeted in ShinyHunters extortion attempt
For example, it includes Hinge matches and the profiles of those matching. It also includes the IDs of those paying for Hinge subscriptions, as well as employee emails and contracts for the different dating apps.
The data also reportedly includes details from the Indian dating app Vivald.
Researchers claimed, “The sample includes lists of dating profiles, logs of profile changes, but some documents do not indicate which dating app the records belong to.”
The publication added that, despite the data containing some “identifiers,” it doesn’t “reveal much personal information about the users.”
Regardless, researchers said that the nature of leaked personal dating information means it “can be used to craft personally catered fraud campaigns and scams that may have a stronger psychological effect than an average phishing email.”
ShinyHunters extorted AT&T for six bitcoin
ShinyHunters often attempts to extort its victims first with a crypto bribe that promises the data won’t be leaked, such as when AT&T paid it six bitcoin, worth $373,000.
The group targeted the French crypto tax firm Waltio last week. Instead of paying a crypto ransom to prevent the data leak of 50,000 of its users, Waltio took legal action with France’s Public Prosecution Office for attempted extortion and an attack on their data systems.
More recently, ShinyHunters claims to have leaked 14 million records from US bakery chain Panera Bread.
When this stolen data is shared on the dark web, user data can be sold to criminals to help them target victims with phishing campaigns or physical attacks.