Image: ZDNet
A well-known hacker this week leaked the details of more than 2.28 million registered users to MeetMindful.com, a dating site founded in 2014, ZDNet learned this week from a security researcher.
The dating site data was shared for free download on a publicly accessible hacking forum known for its hacked database trade.
The leaked data, a 1.2 GB file, appears to be a dump from the website’s user database.
The contents of this file include a wide variety of information that users provide when setting up profiles on the MeetMindful website and mobile applications.
Some of the most sensitive data points included in the file include:
- Real names
- Email address
- City, state and zip code details
- Body details
- Dating preferences
- marital status
- Dates of birth
- Latitude and longitude
- IP addresses
- Account passwords with Bcrypt hash
- Facebook user IDs
- Facebook authentication tokens
Image: ZDNet
The messages exchanged by users were not included in the leaked file; however, this does not make the whole incident less sensitive.
While not all leaked accounts have all the details included, for many MeetMindful users, the data provided can be used to track their dating profiles to their real-world identities.
When we contacted MeetMindful to comment on Thursday via Twitter, a MeetMindful spokesperson redirected our request to an email address from which we had not received a response for three days.
Meanwhile, the forum thread where MeetMindful data was leaked has been viewed more than 1,500 times and has probably been downloaded in many cases.
The data is still available for download on the public file hosting site where it was initially uploaded.
The website data was released by an online threat actor like ShinyHunters, who earlier this week also leaked the details of millions of registered users on Teespring, a portal that allows users to create and sell custom-printed clothing.
A comment request sent to an email address previously used by ShinyHunters has not been answered.
Leaking this highly confidential data poses an imminent problem for website users and the main reason why MeetMindful needs to notify account holders.
In recent years, many cybercrime groups have engaged in a practice called sextortion, in which they take leaked data from dating sites and contact users of the site, threatening to expose their dating profiles and history to family members or coworkers. , unless they receive a ransom demand.