ShinyHunters claims to have stolen over 10 million records from Match Group, including user data tied to Hinge, Match.com, and OkCupid as well as hundreds of internal documents allegedly exposed via AppsFlyer. Match Group says it has terminated unauthorized access and is investigating with external experts, believes a limited amount of user data was accessed while login credentials and financial information appear unaffected, and ShinyHunters has also posted alleged Bumble files and been linked to a campaign abusing stolen Okta SSO credentials. #ShinyHunters #MatchGroup
Keypoints
- ShinyHunters claims more than 10 million records were stolen from Match Group, affecting Hinge, Match.com, and OkCupid.
- The leak allegedly includes user data, hundreds of internal documents, and appears connected to AppsFlyer data exposure.
- Match Group says it has ended the unauthorized access, is investigating, and believes login credentials and financial data were not accessed.
- ShinyHunters also posted alleged Bumble data and has been linked to a broader campaign abusing stolen Okta SSO credentials targeting many organizations.
- The incident highlights how third-party analytics and vendor access can expose extensive behavioral and location data.
Read More: https://www.theregister.com/2026/01/29/shinyhunters_match_group/