A well-known hacker has leaked the details of more than 2.28 million users registered on MeetMindful.com, a dating website founded in 2014, ZDNet has learned this week from a security researcher.
The dating site's data has been shared as a free download on a publicly accessible hacking forum known for its trade in hacked databases.
The leaked data, a 1.2 GB file, appears to be a dump of the site's users database.
The content of this file includes a wealth of information that users provided when they set up profiles on the MeetMindful site and mobile apps.
Some of the most sensitive data points included in the file include:
- Real names
- Email addresses
- City, state, and ZIP details
- Body details
- Dating preferences
- Marital status
- Birth dates
- Latitude and longitude
- IP addresses
- Bcrypt-hashed account passwords
- Facebook user IDs
- Facebook authentication tokens
Messages exchanged by users were not included in the leaked file; however, this does not make the entire incident less sensitive.
While not all leaked accounts have full details included, for many MeetMindful users, the provided data can be used to trace their dating profiles back to their real-world identities.
When we reached out for comment to MeetMindful on Thursday via Twitter, a MeetMindful spokesperson redirected our request to an email address from where we have not heard back for three days.
In the meantime, the forum thread where the MeetMindful data was leaked has been viewed more than 1,500 times and most likely downloaded, in many cases.
The data is still available for download on the public file-hosting site where it was initially uploaded.
The site's data was released by a threat actor who goes online as ShinyHunters, who earlier this week also leaked the details of millions of users registered on Teespring, a web portal that lets users create and sell custom-printed apparel.
A request for comment sent to an email address previously used by ShinyHunters was not answered.
The leak of this highly sensitive data represents a looming issue for the site's users and the main reason why MeetMindful needs to notify account holders.
Over the past few years, many cybercrime groups have engaged in a practice called sextortion, where they take data leaked from dating sites and contact site users, threatening to expose their dating profiles and history to family or work colleagues unless they're paid a ransom demand.