- ShinyHunters allegedly breached Bumble and Match, stealing internal documents and limited user data
- Bumble claims members’ accounts and profiles were not accessed during phishing incident
- The group moved from ransomware to data theft, warning businesses of phishing and vishing threats
Dating apps Bumble and Match appear to have been hit by a cyberattack perpetrated by none other than the notorious ShinyHunters gang.
The threat actor allegedly added both companies to its data leak site. For Bumble, they claim to have stolen a treasure trove of data:
“Thousands of internal Bumble documents,” the message states, according to Hackmanac. “Our exfiltration focused on documents designated as restricted or confidential. Files primarily from Google Drive and Slack.”
Match confirms the breach
Bloomberg reported that Bumble, which also owns Badoo and BFF, contacted law enforcement after one of its contractor’s accounts “was recently compromised in a phishing incident.”
Speaking to the publication, a spokesperson said the threat actor carried out “brief unauthorized access to a small portion of our network”, after which he was ousted.
Bumble does not believe the attackers accessed the member database, member accounts, the Bumble app, direct messages, or people’s profiles.
Match, on the other hand, also confirmed on January 28 that it had suffered a cybersecurity incident affecting “a limited amount of user data.” It is currently in the process of notifying affected individuals and says there is no evidence that user login credentials, financial information or private communications were compromised.
ShinyHunters has been filling the news columns in recent weeks, after successfully hacking a few major companies and allegedly targeting “hundreds” more. They are mainly involved in phishing and vishing (voice phishing) and attack Okta, Microsoft and other single sign-on (SSO) platforms.
The group started as a ransomware operator, but at one point decided to abandon the encryption part and focus solely on data exfiltration. Apparently, this process is cheaper, faster and more efficient, but just as lucrative.
Other ransomware operators have reportedly followed suit. Organizations, and primarily businesses based in the United States, are cautioned to be careful of people who call in and claim to be IT and technical support.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
