Hackers Selling Coffee Meets Bagel Accounts on Dark Web

The Register has reported this week on data for sale via the dark web, claiming 16 companies have been hacked and over 620 million accounts revealed.

Worst affected were Dubsmash (162 million accounts), MyFitnessPal (151 million), MyHeritage (92 million) and ShareThis (41 million).

Dubsmash is a video messaging application, while MyFitnessPal tracks diet and exercise. MyHeritage is an online genealogy platform, and ShareThis is a widget that enables social sharing of content.

Dating app Coffee Meets Bagel is listed as having 6,174,513 accounts for sale at 0.13 BTC ($468).

CMB Communications Lead Jenn Takahashi told The Register: “We are not aware of a breach at this time, but our security team is looking into this now.

“(…) We have engaged with our legal team and forensic security experts to identify any issues and ensure we have the best security stance moving forward.”

According to The Register, there “appears to be no payment or bank card details in the sales listings.”

Other personal details are available with the data from some apps, however, such as social media access tokens and location data.

The CMB data reportedly contains “a full name, email address, age, registration date, gender, and what is claimed to be a SHA256-hashed password.”

Earlier this month, GBTQ dating platform Jack’d made headlines after private images it hosts were found to be vulnerable to hackers.

Read more here.