Image: ZDNet
A well-known hacker this week leaked the details of more than 2.28 million users registered on MeetMindful.com, a dating site founded in 2014. ZDNet learned from a safety researcher this week.
The data from the dating site was shared as a free download on a publicly accessible hacking forum known for trading in hacked databases.
The leaked data, a 1.2 GB file, appears to be a dump from the site’s user database.
The contents of this file contain a wealth of information provided by users when compiling profiles on the MeetMindful site and mobile applications.
Some of the most sensitive data points included in the file include:
- Real names
- Email address
- City, state and postal details
- Body details
- Dating preferences
- Marriage status
- Date of birth
- Latitude and longitude
- IP address
- Bcrypt passwords for accounts
- Facebook User IDs
- Facebook Support Tokens
Image: ZDNet
Messages exchanged by users were not included in the leaked file; however, it does not make the whole incident any less sensitive.
Although not all leaked accounts contain complete information, the data provided can be used for many MeetMindful users to trace their dating profiles to their true identity.
When we reached out to Twitter for comments via MeetMindful on Thursday, a MeetMindful spokesperson redirected our request to an email address we had not heard from for three days.
Meanwhile, the forum thread where the MeetMindful data was leaked has been viewed more than 1,500 times and in many cases probably downloaded.
The data is still available for download on the public file hosting website where it was initially uploaded.
The website’s data was released by a threat actor going online as ShinyHunters, which earlier this week also leaked the details of millions of users registered on Teespring, a web portal that allows users to create and sell custom clothing.
A request for comment sent to an email address previously used by ShinyHunters has not been answered.
The leakage of this extremely sensitive data is a looming issue for users of the site and the main reason why MeetMindful should notify account holders.
Over the past few years, many cybercrime groups have a practice called sextortion, where they take data leaked from dating sites and contact users of the site, and threaten to expose their dating profiles and history to family or work colleagues unless they pay a ransom. claim.