Match Group confirmed a cybersecurity incident after the ShinyHunters threat group leaked 1.7 GB of files allegedly containing user records and internal documents from Hinge, Match, and OkCupid. The company says a limited amount of user data was accessed via a compromised Okta SSO account but that there is no indication of stolen log-in credentials, financial information, or private communications. #ShinyHunters #MatchGroup
Keypoints
- Match Group confirmed data was stolen and a 1.7 GB leak was published by ShinyHunters.
- Leaked files allegedly include records for Hinge, Match, and OkCupid plus internal documents.
- Attackers accessed AppsFlyer, Google Drive, and Dropbox after compromising an Okta SSO account using vishing and a phishing domain.
- Match Group reports no evidence that log-in credentials, financial data, or private communications were accessed and is notifying affected users.
- Security experts recommend phishing-resistant MFA (FIDO2/passkeys), strict app authorization policies, and monitoring for anomalous API activity.