Match Group Suffers Data Breach of 10 Million Records

Cybercrime group ShinyHunters has claimed responsibility for stealing over 10 million records from Match Group platforms, including Hinge, OkCupid, and Match.com. The alleged breach was announced on the group’s dark web leak site on January 27-28, 2026, with attackers posting a 1.7GB compressed archive of data samples and asserting the information originated from mobile analytics provider AppsFlyer.

The exposed samples reportedly contain user IDs, transaction details (such as payments for premium features like additional likes or profile boosts), IP addresses with approximate locations, dating profile elements (names, bios, match logs), authentication tokens, phone numbers, and internal corporate documents including employee emails, contracts, and debugging logs. Some records also appeared linked to other apps like Vividi, though the primary focus was on Match Group’s core services. Notably, the claim did not reference data from Tinder or Plenty of Fish, other major Match Group properties.

Match Group confirmed awareness of the claims and stated it is actively investigating with external cybersecurity experts. The company emphasized that preliminary findings show no evidence of compromised login credentials, financial details, or private messages. “We are aware of claims being made online related to a recently identified security incident. Match Group takes the safety and security of our users seriously and acted quickly to terminate the unauthorized access,” a Match Group spokesperson said. “We continue to investigate with the assistance of external cybersecurity experts. There is no indication that user log-in credentials, financial information, or private communications were accessed. We believe the incident affects a limited amount of user data, and we are already in the process of notifying individuals, as appropriate.”