Tinder owner reports data breach

ShinyHunters claims data from multiple dating sites

Match Group, owner of online services Tinder, Match.com, Meetic, OkCupid and Hinge, is the latest to fall victim to the ShinyHunters threat group.

The company confirmed it is investigating a “recently identified security incident,” with some user data likely to have been accessed.

ShinyHunters was less circumspect. The hacking group says it has stolen more than 10 million records from Match Group, which includes user data for several websites as well as internal documents.

On its dark web site, ShinyHunters claims to have grabbed “over 10 million lines" of data. It also implicates AppsFlyer, a third-party marketing analytics provider, as its way into Match's network, though the company disputes that.

“[The leak] did not originate from AppsFlyer, nor did it involve a data breach, security incident, or compromise of AppsFlyer’s systems,” the firm told Cybernews.

“Any suggestion that AppsFlyer was the source of the incident, or that data was exposed due to a compromise of AppsFlyer’s systems, is misleading and inaccurate, and may be damaging to AppsFlyer."

In a statement, Match Group said it is aware of the claims and “acted quickly to terminate the unauthorised access.” It is currently working through an investigation with external experts, and there is “no indication that user login credentials, financial information, or private communications were accessed.”

According to Cybernews, which has analysed samples of the allegedly stolen data, it stems from Hinge, Match.com and OkCupid, and includes personal customer data, some employee details and corporate information.

The exposed details also appear to include documents from Vivaldi, a dating app for Indian audiences.

ShinyHunters is an aggressive hacking group, which temporarily stepped back in late 2024 after a high-profile arrest.

Since then, though, it has returned to the scene with multiple confirmed strikes, including being linked to an attack on Salesforce last year.