Dating App Giants Investigate ShinyHunters Breaches

Cybercrime collective ShinyHunters has claimed responsibility for separate cybersecurity incidents targeting Bumble and Match Group, prompting both companies to confirm investigations in late January 2026. Bumble reported that a contractor’s account was compromised through a phishing attack, leading to brief unauthorized access to a limited portion of its network. The company stated that access was quickly terminated and emphasized that no member database, user accounts, private messages, or dating profiles were affected. Bumble contacted law enforcement and engaged external cybersecurity experts to investigate the incident.

Match Group, parent company of Tinder, Hinge, OkCupid, and Match.com, acknowledged a security event involving a limited amount of user data. The company said preliminary findings indicate no compromise of login credentials, financial information, or private communications. Match Group is notifying affected individuals as appropriate and working with external experts to assess the scope.

ShinyHunters posted claims on its dark web leak site, alleging theft of thousands of internal Bumble documents – primarily from Google Drive and Slack – and over 10 million records from Match Group platforms including Hinge, Match, and OkCupid. Cybernews researchers reviewed samples attached to the posts, identifying personal customer data, employee details, internal corporate files, Hinge match logs, profile information (names, bios), transaction records (subscription payments), IP addresses, and debugging logs. Some files appeared to include test data or duplication, and not all were clearly attributed to specific apps.

ShinyHunters, a financially motivated group known for high-profile data theft and extortion campaigns, has targeted sectors including insurance, retail, and aviation. Recent activity includes alleged breaches of Salesforce, Crunchbase, SoundCloud, and Panera Bread, often involving voice phishing (vishing) and deceptive SSO login portals.