The data belongs to the MeetMindful dating site and includes everything from real names to Facebook account tokens and email addresses, and geolocation information.
A well-known hacker revealed this week the details of more than 2.28 million users registered with MetworkMindful.com, a dating website launched in 2014.
Dating site information is shared as a free download from a publicly accessible hacking platform known for trading hacked data.
Leaked data, a 1.2 GB file, looks like a dump for site users’ information.
This file’s content includes a lot of information provided by users when setting up profiles on the MeetMindful site and mobile applications.
Some of the most critical data points included in the file include:
- Real names
- Email addresses
- City, state, and ZIP details
- Physical details
- Dating options
- Marital status
- Latitude and length
- IP addresses
- Bcrypt account passwords
- Facebook User IDs
- Facebook verification tokens
User modified messages are not included in the swollen file; however, this does not make the whole incident more sensitive.
While not all leaked accounts have full details included, for most MeetMindful users, the data provided can be used to track their dating profiles back to their real-world ownership.
While reaching a comment on MeetMindful on Thursday via Twitter, a MeetMindful spokesman redirected our request to an email address where we had not heard in three days.
Currently, the forum thread where MeetMindful data is disclosed is viewed more than 1,500 times and is likely to be downloaded extensively, in most cases.
The information is still available for download at the community file hosting site where it was initially uploaded.
Site details were released by a threatening online character such as ShinyHunters.
They earlier this week also revealed the details of the millions of users registered with Teespring, a website that allows users to create and sell custom-made clothing.
A comment request sent to an email address previously used by ShinyHunters was not answered.
The leak of this sensitive data represents the future issue of site users and the main reason why MetworkMindful needs to notify account holders.
Over the past few years, many cybercrime groups have committed a practice called sextortion.
They take free information from dating sites and users of the site, threatening to disclose their dating profiles and family history or coworkers without being fined.