Data belongs to dating site MeetMindful and features everything from original names to Facebook account tokens, and from email addresses and geolocation information.
This week a notorious hacker has leaked this week the details of above 2.28 million users registered on MeetMindful.com, a dating website founded in 2014.
Dissociate yourself from the internet, conceal your identity and delete your online presence
The dating site’s data has been shared as a free download on a publicly accessible hacking forum known for its business of hacked databases.
The leaked data, a 1.2 GB file, seems to be a dump of the site’s users database.
The content of this file comprises of a wealth of information that users provided after they set up profiles on the MeetMindful site and mobile apps.
Few of the most sensitive data points featured in the file include:
- Real names
- Email addresses
- City, state, and ZIP details
- Body details
- Dating preferences
- Marital status
- Birth dates
- Latitude and longitude
- IP addresses
- Bcrypt-hashed account passwords
- Facebook user IDs
- Facebook authentication tokens
Messages communicated among users were not included in the leaked file. But, this does not make the entire incident less sensitive.
While not all leaked accounts comprise full details included, for many MeetMindful users, the provided data can be applied to find their dating profiles back to their real-world identities.
Meanwhile, the forum thread where the MeetMindful data was leaked has been seen more than 1,500 times and most probably downloaded, in many cases.
The data can still be downloaded on the public file-hosting site where it was initially uploaded.
The site’s data was made public by a threat actor called ShinyHunters, who earlier this week also leaked the details of millions of users registered on Teespring, a web portal that allows users create and sell custom-printed apparel.
The leak of this highly sensitive data is a concern for the site’s users and the main reason why MeetMindful needs to notify account holders.
Over the past few years, many cybercrime groups are involved in a practice called sextortion, where they take data leaked from dating sites and contact site users, threatening to expose their dating profiles and history to family or work colleagues unless they’re paid a ransom demand.