2.3 Million People Affected by a Dating Site Data Breach: What to Do

If you have an account on the wellness-themed MeetMindful dating service, you may want to change your password and log out of Facebook.

This is because malicious data thieves dumped details of 2.3 million MeetMindful accounts into an online hacker forum where anyone can retrieve the 1.2 GB database for free.

The now public user data includes real names, email addresses, street addresses, relationship status, gender, potential partner preferences and location by latitude and longitude, according to a ZDNet report.

‘Birthdays’ is also among the fields disclosed, but it was not clear whether this included the year of birth, or just the month and day, which would create less risk of identity theft.

Facebook IDs and session tokens, which allow Facebook users to stay logged in for a long time, have also been leaked. Anyone who holds a session token may be able to log into the corresponding Facebook account temporarily, although taking over an account is not possible without the actual Facebook password.

To make sure that no one can access your Facebook account using stolen session tokens, sign out of Facebook on all your devices and then sign back in.


MeetMindful, which is reportedly based in Denver, has been around since 2013. Gizmodo noticed that the dating service’s Facebook, Twitter, and Instagram accounts had not seen any new posts since April 2020, suggesting that the service may be in a rough spot, a kind of technological limbo. Likewise, the service’s Android and iOS applications have not been updated since winter 2020.

But MeetMindful was alive enough to post a security advisory, last updated yesterday (January 24), about this data breach.

“We are deeply sorry that this has happened,” begins the MeetMindful security post, stressing the “deeply”.

“This incident applies to users who signed up for MeetMindful before March 2020. Users who opened an account after March 2020 or who updated their account details since March 2020 have not been affected.”

The good news: “No passwords, photos, conversations, correspondence, credit card details or other financial information were accessed.”

“We have contacted all users who may be affected,” the MeetMindful post read. “If you have not received an email from us directly, you are not affected by this incident.”

Most passwords are probably safe, but change them anyway

Stored passwords for MeetMindful accounts have been hashed using bcrypt, one of the strongest one-way hashing algorithms available. However, you should still change your MeetMindful password, just to be safe. The service encourages all users to do so here.

Make sure the password is long and strong, and do not reuse the password on another account. If you’ve used the same password elsewhere, change it on those accounts as well, and make sure the new passwords are all unique. Using one of the best password managers will go a long way in keeping your accounts safe online.

The data was dumped by a malicious hacker or group of hackers called ShinyHunters, known for stealing user data from online services and then making it public. Last Friday, ShinyHunters dumped data belonging to at least 7 million customers of U.S. menswear retailer Bonobos.