Match Group Confirms Data Breach After ShinyHunters Leaks 10 Million User Records
Match Group, the parent company behind popular dating platforms Tinder, Match.com, Meetic, OkCupid, and Hinge, has confirmed a cybersecurity incident involving the theft of user data. The breach was linked to the ShinyHunters threat group, which leaked 1.7 GB of compressed files containing approximately 10 million records from Hinge, Match, and OkCupid, along with internal documents.
In a statement to BleepingComputer, a Match Group spokesperson acknowledged the incident, stating the company acted swiftly to terminate unauthorized access. While the investigation is ongoing with external experts, Match Group reported no evidence that login credentials, financial information, or private user communications were compromised. Affected individuals are being notified as appropriate.
The attack stemmed from a social engineering campaign targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google across over 100 organizations. In Match Group’s case, hackers gained access by compromising an Okta SSO account, which provided entry to AppsFlyer marketing analytics and cloud storage services like Google Drive and Dropbox. The phishing attempt used the domain matchinternal.com.
ShinyHunters claimed the stolen data included personally identifiable information (PII), though much of it consisted of tracking data. Security experts, including Mandiant’s CTO Charles Carmakal and Okta Threat Intelligence researcher Moussa Diallo, emphasized the need for phishing-resistant multi-factor authentication (MFA), such as FIDO2 security keys or passkeys, to mitigate such attacks. Okta also recommended strict app authorization policies and monitoring for anomalous API activity.
The incident highlights ongoing risks from social engineering, with some financial institutions testing live caller verification to combat fraudulent access attempts. Match Group, which serves over 80 million active users and generates $3.5 billion in annual revenue, remains a high-value target for cybercriminals.
Match Group cybersecurity rating report: https://www.rankiteo.com/company/matchgroup
Hinge cybersecurity rating report: https://www.rankiteo.com/company/hinge-app
Okta cybersecurity rating report: https://www.rankiteo.com/company/okta-inc-
"id": "MATHINOKT1769712133",
"linkid": "matchgroup, hinge-app, okta-inc-",
"type": "Cyber Attack",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '10 million records',
'industry': 'Online Dating',
'name': 'Match Group',
'size': '80 million active users, $3.5 billion annual '
'revenue',
'type': 'Parent Company'},
{'industry': 'Online Dating',
'name': 'Hinge',
'type': 'Subsidiary'},
{'industry': 'Online Dating',
'name': 'Match.com',
'type': 'Subsidiary'},
{'industry': 'Online Dating',
'name': 'OkCupid',
'type': 'Subsidiary'}],
'attack_vector': 'Social Engineering (Phishing)',
'customer_advisories': 'Affected individuals are being notified as '
'appropriate',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '10 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (PII), Low (Tracking data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Tracking data']},
'description': 'Match Group, the parent company behind popular dating '
'platforms Tinder, Match.com, Meetic, OkCupid, and Hinge, '
'confirmed a cybersecurity incident involving the theft of '
'user data. The breach was linked to the ShinyHunters threat '
'group, which leaked 1.7 GB of compressed files containing '
'approximately 10 million records from Hinge, Match, and '
'OkCupid, along with internal documents. The attack stemmed '
'from a social engineering campaign targeting single sign-on '
'(SSO) accounts at Okta, Microsoft, and Google. Hackers gained '
'access by compromising an Okta SSO account, which provided '
'entry to AppsFlyer marketing analytics and cloud storage '
'services like Google Drive and Dropbox.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': '10 million records',
'identity_theft_risk': 'High',
'payment_information_risk': 'None (reported)',
'systems_affected': ['AppsFlyer marketing analytics',
'Google Drive',
'Dropbox']},
'initial_access_broker': {'entry_point': 'Compromised Okta SSO account via '
'phishing (domain: '
'matchinternal.com)'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Need for phishing-resistant multi-factor authentication '
'(MFA), such as FIDO2 security keys or passkeys, strict '
'app authorization policies, and monitoring for anomalous '
'API activity.',
'post_incident_analysis': {'root_causes': 'Social engineering (phishing) '
'leading to compromised Okta SSO '
'account'},
'recommendations': ['Implement phishing-resistant MFA (FIDO2 security '
'keys/passkeys)',
'Enforce strict app authorization policies',
'Monitor for anomalous API activity',
'Use live caller verification for fraud prevention'],
'references': [{'source': 'BleepingComputer'},
{'source': 'Mandiant (Charles Carmakal)'},
{'source': 'Okta Threat Intelligence (Moussa Diallo)'}],
'response': {'communication_strategy': 'Notified affected individuals as '
'appropriate',
'containment_measures': 'Terminated unauthorized access',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'External experts'},
'threat_actor': 'ShinyHunters',
'title': 'Match Group Data Breach After ShinyHunters Leaks 10 Million User '
'Records',
'type': 'Data Breach',
'vulnerability_exploited': 'Compromised Okta SSO account'}