ShinyHunters swipes right on 10M records in alleged dating app data grab
(2026/01/29)
- Reference: 1769699152
- News link: https://www.theregister.co.uk/2026/01/29/shinyhunters_match_group/
- Source link:
ShinyHunters has added a fresh notch to its breach belt, claiming it has pinched more than 10 million records from Match Group, a US firm that owns some of the world's most widely used swipe-based dating platforms.
The extort-and-leak crew says the stolen haul includes user data tied to Hinge, Match.com, and OkCupid, as well as hundreds of internal documents. A listing on ShinyHunters' dark web leak site, seen by The Register , claims "over 10 million lines" of data, and points to AppsFlyer, a marketing analytics provider, as the apparent source of the exposure.
Match Group confirmed to The Register that it is investigating what it described as a "recently identified security incident," and that some user data has likely been accessed.
[1]
"Match Group takes the safety and security of our users seriously and acted quickly to terminate the unauthorized access," a spokesperson said. "We continue to investigate with the assistance of external cybersecurity experts. There is no indication that user login credentials, financial information, or private communications were accessed. We believe the incident affects a limited amount of user data, and we are already in the process of notifying individuals, as appropriate."
[2]
[3]
The company declined to say what types of data were accessed, how many customers were affected, or whether a ransom demand had been made or paid.
[4]Let them eat sourdough: ShinyHunters claims Panera Bread as stolen credentials victim
[5]Canva among ~100 targets of ShinyHunters Okta identity-theft campaign
[6]ShinyHunters claims Okta customer breaches, leaks data belonging to 3 orgs
[7]Congrats, cybercrims: You just fell into a honeypot
Security news outlet [8]Cybernews , which analyzed samples tied to the listing, said the trove appears to include personal customer data, some employee details, and internal corporate material. Its review also flagged Hinge subscription information in the mix, including user IDs, transaction IDs, amounts paid, and records linked to blocked installations, alongside IP addresses and location data.
In a separate post this week, ShinyHunters also said it had stolen data from rival dating service Bumble, uploading what it described as 30 GB of compressed files allegedly pulled from Google Drive and Slack. Bumble hasn't commented publicly. The Register contacted the company for comment, but did not receive a response.
All of this comes days after researchers said [9]ShinyHunters had targeted roughly 100 organizations in a campaign abusing stolen Okta single sign-on credentials, with big-name SaaS firms among those caught in the fray. Targeted organizations allegedly include Atlassian, AppLovin, Canva, Epic Games, Genesys, HubSpot, Iron Mountain, RingCentral, and ZoomInfo.
[10]
For anyone caught up in the alleged dating app haul, the takeaway isn't about missed matches or awkward swipes, but about just how much behavioral data gets quietly passed around behind the scenes. ®
Get our [11]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aXuSe8hTaLxIF_PVcqtWuwAAA1Q&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aXuSe8hTaLxIF_PVcqtWuwAAA1Q&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aXuSe8hTaLxIF_PVcqtWuwAAA1Q&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://www.theregister.com/2026/01/27/shinyhunters_claim_panera_bread/
[5] https://www.theregister.com/2026/01/26/shinyhunters_okta_sso_campaign/
[6] https://www.theregister.com/2026/01/23/shinyhunters_claims_okta_customer_breaches/
[7] https://www.theregister.com/2026/01/05/resecurity_honeypot_shinyhunters/
[8] https://cybernews.com/security/hinge-okcupid-data-leak-shinyhunters-claims/
[9] https://www.theregister.com/2026/01/26/shinyhunters_okta_sso_campaign/
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aXuSe8hTaLxIF_PVcqtWuwAAA1Q&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[11] https://whitepapers.theregister.com/
The extort-and-leak crew says the stolen haul includes user data tied to Hinge, Match.com, and OkCupid, as well as hundreds of internal documents. A listing on ShinyHunters' dark web leak site, seen by The Register , claims "over 10 million lines" of data, and points to AppsFlyer, a marketing analytics provider, as the apparent source of the exposure.
Match Group confirmed to The Register that it is investigating what it described as a "recently identified security incident," and that some user data has likely been accessed.
[1]
"Match Group takes the safety and security of our users seriously and acted quickly to terminate the unauthorized access," a spokesperson said. "We continue to investigate with the assistance of external cybersecurity experts. There is no indication that user login credentials, financial information, or private communications were accessed. We believe the incident affects a limited amount of user data, and we are already in the process of notifying individuals, as appropriate."
[2]
[3]
The company declined to say what types of data were accessed, how many customers were affected, or whether a ransom demand had been made or paid.
[4]Let them eat sourdough: ShinyHunters claims Panera Bread as stolen credentials victim
[5]Canva among ~100 targets of ShinyHunters Okta identity-theft campaign
[6]ShinyHunters claims Okta customer breaches, leaks data belonging to 3 orgs
[7]Congrats, cybercrims: You just fell into a honeypot
Security news outlet [8]Cybernews , which analyzed samples tied to the listing, said the trove appears to include personal customer data, some employee details, and internal corporate material. Its review also flagged Hinge subscription information in the mix, including user IDs, transaction IDs, amounts paid, and records linked to blocked installations, alongside IP addresses and location data.
In a separate post this week, ShinyHunters also said it had stolen data from rival dating service Bumble, uploading what it described as 30 GB of compressed files allegedly pulled from Google Drive and Slack. Bumble hasn't commented publicly. The Register contacted the company for comment, but did not receive a response.
All of this comes days after researchers said [9]ShinyHunters had targeted roughly 100 organizations in a campaign abusing stolen Okta single sign-on credentials, with big-name SaaS firms among those caught in the fray. Targeted organizations allegedly include Atlassian, AppLovin, Canva, Epic Games, Genesys, HubSpot, Iron Mountain, RingCentral, and ZoomInfo.
[10]
For anyone caught up in the alleged dating app haul, the takeaway isn't about missed matches or awkward swipes, but about just how much behavioral data gets quietly passed around behind the scenes. ®
Get our [11]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aXuSe8hTaLxIF_PVcqtWuwAAA1Q&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aXuSe8hTaLxIF_PVcqtWuwAAA1Q&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aXuSe8hTaLxIF_PVcqtWuwAAA1Q&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://www.theregister.com/2026/01/27/shinyhunters_claim_panera_bread/
[5] https://www.theregister.com/2026/01/26/shinyhunters_okta_sso_campaign/
[6] https://www.theregister.com/2026/01/23/shinyhunters_claims_okta_customer_breaches/
[7] https://www.theregister.com/2026/01/05/resecurity_honeypot_shinyhunters/
[8] https://cybernews.com/security/hinge-okcupid-data-leak-shinyhunters-claims/
[9] https://www.theregister.com/2026/01/26/shinyhunters_okta_sso_campaign/
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aXuSe8hTaLxIF_PVcqtWuwAAA1Q&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[11] https://whitepapers.theregister.com/
Whoever thought putting private data in the cloud a good idea ?
Far better to find a partner by joining a local: dance club; walking group; gardening club; sports club; ... whatever activity rings your bell (maybe [1]literally !).
It might take a little more effort, but meat space not cyber space.
[1] https://en.wikipedia.org/wiki/Bell-ringer