More than 2.28 million members of the online dating site MeetMindful have reportedly been caught up in a wide-ranging data breach that exposes everything from Facebook tokens to physical characteristics.
The ShinyHunters hacking group has stolen and published the personally identifiable (PII) data of MeetMindful users, according to [a report](<https://www.zdnet.com/article/hacker-leaks-data-of-2-28-million-dating-site-users/>) from ZDNet. The data has been made available as a free download on a “publicly accessible hacking forum known for its trade in hacked databases,” according to a security researcher speaking anonymously to the outlet.
In total the data makes up a 1.2 GB file, which has 1,500 views in the public forum. How many times it has been downloaded is unknown.
[MeetMindful](<https://www.meetmindful.com/>) combines a dating platform with a focus on wellness, life-coach articles, “intentional living” tips and musings on spirituality.
The file collects the information that MeetMindful users provided when they registered for the service and set up their profiles. Thus, it includes names; emails; city, state and ZIP codes; dating preferences; birth dates; marital status; IP addresses; and Bcrypt-protected account passwords, according to the researcher’s findings. However, other potentially more sensitive information is also included for some users, like dating preferences; “body details”; and even latitude and longitude. To boot, Facebook user IDs and authentication tokens are part of the harvest as well.
Threatpost reached out to MeetMindful for confirmation and comment, but has received no response as of press time.
## Numerous Attacks Possible
Security researchers noted that dating apps in particular represent a highly attractive target for cybercriminals.
“Cyberattackers are increasingly targeting individuals on dating platforms across both mobile and desktop,” Hank Schless, senior manager of Security Solutions at Lookout, told Threatpost. “They’re doing this because these apps are a treasure trove of personal data that require lots of device permissions such as location, access to the camera and access to contacts in order to work.”
This particular breach comes on the heels of Interpol’s [warning of financial scams](<https://threatpost.com/investment-scammers-dating-app-interpol/163179/>) being carried out in dating apps, he noted.
“Each of these incidents shows that there’s no one way that attackers seek to attack dating app users,” he said. “Both app developers and users need to be wary of the risks involved with trusting so much personal data to mobile apps. App developers need to embed security into their mobile apps and keep their infrastructure security up to date as malicious tactics evolve. App users should be careful about how they interact with people on dating apps and have a mobile security app installed that keeps them safe. Social-engineering is a common tactic to phish users, get them to share personal information, or convince them to download a malicious app.”
There’s also a sextortion trend of leveraging sexual preferences and other highly personal information found in dating platforms against the user.
“Attackers realize that individuals may be willing to pay a high price to keep these personal details from being widely distributed,” Schless said. “Lookout recently discovered a sextortion campaign called Goontact that targeted users of illicit sites, typically offering escort services, to steal personal data from their mobile phone.”
Dirk Schrader, global vice president at New Net Technologies (NNT), noted that a number of attacks are possible using this level of information.
“This combination of data points included in the data is nothing less than toxic. The simplest of approaches is to set up some filters in the data, such as marital status and try some extortion on the results using email,” he told Threatpost. “A more sinister one is to use the different data points to lure people into phishing attempts at their workplace. However, as Big Data is not unknown to hackers it will require just a little more research about the Facebook accounts and email addresses.”
## ShinyHunters Strikes Again
The site’s data was released by a well-known steal-and-leak actor known as ShinyHunters. The group made a splash last May, [allegedly compromising](<https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/>) 73.2 million user records from more than 11 companies worldwide, including online delivery services [like Homechef](<https://threatpost.com/home-chef-data-breach-8-million-records/156031/>), photo-print service ChatBooks, and Chronicle.com, a news source for higher education.
The largest ShinyHunters heist involved [stealing log-in data](<https://www.hackread.com/tokopedia-hacked-login-details-sold-on-dark-web/>) for 91 million users of Indonesia’s largest e-commerce platform, Tokopedia, and then selling it on the dark web for $5,000.
The group also last year claimed that it broke into [Microsoft’s GitHub account](<https://threatpost.com/report-microsofts-github-account-gets-hacked/155587/>) and stole 500 GB of data from the tech giant’s own private repositories on the developer platform.
Last week, the group leaked details of 12.8 million users of Teespring, a web portal that lets users create and sell custom-printed apparel. They offered the data for free, in what researchers said was a likely sabotage of another data broker’s deal.
## Cloud Environments in Hacker Crosshairs
It’s unclear how ShinyHunters were able to access the site’s data, but cybersecurity expert and CTO of Cymulate Avihai Ben-Yossef suspects a cloud misconfiguration.
“The attacker ShinyHunters…has a penchant for going after cloud-first companies — those who put their infrastructure in the cloud from the outset,” he said via email. “There is much to be done to shore up cloud hygiene – multifactor authentication, good certificate and identity store management, better configuration and account control, better segmentation of the workloads, etc.; alongside continuous security assessment.”
Schrader noted, “Little seems to be known about the attack itself, but it should not come as a surprise if they missed out on all basic security control about vulnerabilities, patching, change control and File Integrity Monitoring.”
Source: “2.28M MeetMindful Daters Compromised in Data Breach,” by Tara Seals, Threatpost, published 2021-01-25. <https://threatpost.com/meetmindful-daters-compromised-data-breach/163313/>