Source: BleepingComputer
Match Group, the parent company behind some of the world’s most popular dating platforms-including Tinder, Hinge, OkCupid, Match.com, and Meetic-has confirmed a cybersecurity incident that compromised user data.
What Happened
The ShinyHunters threat group leaked approximately 1.7 GB of compressed files allegedly containing 10 million records of user information and internal documents. Match Group has confirmed that hackers stole a “limited amount of user data” in the incident.
The attack was conducted through a sophisticated voice phishing (vishing) campaign targeting single sign-on (SSO) accounts. The threat actors compromised an Okta SSO account using a phishing domain at ‘matchinternal.com’, which gave them access to the company’s AppsFlyer marketing analytics instance as well as Google Drive and Dropbox cloud storage accounts.
Impact Assessment
According to Match Group’s statement, the investigation-conducted with external experts-found no indication that the hackers accessed:
- User login credentials
- Financial information
- Private communications
The company stated the incident affects “a limited amount of user data” and is already notifying affected individuals. However, with Match Group’s user base estimated at over 80 million active users and annual revenue of .5 billion, even a “limited” breach could have significant implications.
Defense Recommendations
Security experts recommend organizations implement the following protections against similar social engineering attacks:
- Phishing-resistant MFA: Deploy FIDO2 security keys or passkeys where possible, as these are resistant to social engineering in ways that push-based or SMS authentication are not
- Strict app authorization policies: Implement controls to prevent unauthorized application access
- Network zones and access control lists: Know where legitimate requests originate and allowlist those networks
- Monitor for anomalies: Track logs for unusual API activity or unauthorized device enrollments
This incident is part of a larger ShinyHunters campaign targeting SSO accounts at Okta, Microsoft, and Google across over a hundred high-value organizations.
Key Takeaways
The Match Group breach highlights the growing threat of voice phishing against enterprise SSO systems. Organizations should prioritize phishing-resistant authentication methods and implement robust monitoring to detect compromised accounts before data exfiltration occurs.
