A hacker using the pseudonym ShinyHunters has reportedly leaked personal details of 2.28 million users of dating site MeetMindful on a hacker forum accessible to the public.
The massive leak of the personal data of millions was first reported by ZDNet who learned from a security researcher that the massive data dump was made available to download for free on a hacker forum. The publicly-accessible forum has since been visited over 1,500 times, indicating that the data may already have been circulated among data brokers and cyber criminals.
According to ZDNet, the 1.2GB file of raw data contained MeetMindful users' personal information like real names, dates of birth, location, email addresses, hashed passwords, marital status, dating preferences, and body details. The database also contained additional details of users such as their Facebook user IDs and their Facebook authentication tokens.
MeetMindful projects itself as a social networking platform that helps people connect and build strong relationship foundations. The company was founded in 2014 but despite boasting millions of users, it doesn't seem to be much popular based on user reviews and star ratings on the Google Play Store.
ZDNet attempted to contact MeetMindful via Twitter following the data leak but has not been successful in drawing a response from the company. “When we reached out for comment to MeetMindful on Thursday via Twitter, a MeetMindful spokesperson redirected our request to an email address from where we have not heard back for three days,” it said.
This is not the first time that ShinyHunters has claimed responsibility for leaking the personal details of millions. Earlier this month, the hacker leaked around 1.9 million user records associated with online photo editing site Pixlr on a dark web forum along with data stolen from other websites.
ShinyHunters claimed in the dark web forum, where he shared all 1,921,141 Pixlr user records for free, that he gained access to these details after breaching the 123RF stock photo site which, like Pixlr, is also owned by Inmagine. He also claimed that he downloaded the database from Pixlr's AWS bucket at the end of 2020.
According to Bleeping Computer, ShinyHunters is well-known for hacking into websites and selling large troves of stolen information via data brokers on the dark web. The victims of ShinyHunters include 123RF, Tokopedia, Homechef, Minted, Chatbooks, Dave, Promo, Mathway, Wattpad, and others.