ShinyHunters Claim Breach of Match Group, Exposing Data Linked to Hinge, Match.com, and OkCupid

CyberDefender 4 mins0

A cybercriminal group known as ShinyHunters claims it has breached Match Group, the U.S.-based parent company behind several major dating platforms, and leaked data tied to millions of users.

According to the attackers, the leaked archive is roughly 1.7 GB in size and contains more than 10 million lines of data. The dataset is said to include information linked to Hinge, Match.com, and OkCupid.

Some reports have also mentioned Tinder because it is owned by Match Group. However, the threat actors themselves did not explicitly claim that Tinder user data was part of this leak.

What kind of data was exposed?

Based on reporting and samples reviewed by researchers, the leaked material appears to include:

  • User-related records, such as user IDs, IP addresses, and potentially subscription or transaction-related logs
  • Internal corporate files, including emails, receipts, system logs, and debugging information

Notably, the data seems to originate from an AppsFlyer dataset. This suggests the exposure may be tied to a third-party mobile analytics service, rather than a direct compromise of the dating apps’ core production databases.

Important: Match Group says there is no evidence that passwords, financial details, or private messages were accessed as part of this incident.

Match Group’s response

Match Group has confirmed it is aware of the situation and says it has shut down the unauthorized access with assistance from external cybersecurity experts.

According to the company, its ongoing investigation indicates that:

  • The incident affects a limited subset of user data
  • There is no confirmed exposure of login credentials, payment information, or private chats

Match Group has also stated that it is notifying affected users where appropriate, in line with regulatory and legal requirements.

What this means for users

While the most sensitive data does not appear to be involved, the exposure could still raise risks, including:

  • An increased chance of phishing or scam attempts using leaked identifiers or IP-related information
  • Social engineering attacks, where even basic metadata can be exploited to make scams more convincing

As a precaution, users may want to change their passwords, enable multi-factor authentication (MFA) where available, and keep a close eye on their accounts for any unusual activity.

Quick take

  • Breach: Match Group data exposure
  • Claimed by: ShinyHunters
  • Scope: 10M+ records linked to Hinge, Match.com, and OkCupid
  • Confirmed impact: Limited so far, investigation ongoing
  • Passwords / financial data: No confirmed exposure

CyberDefender