Zoosk, Inc.

On June 10, 2020, the Washington State Office of the Attorney General disclosed a data breach affecting Zoosk, Inc., a prominent online dating platform. The incident occurred on January 12, 2020, when unauthorized actors gained access to a company database. The breach exposed sensitive personal information of approximately 115,158 Washington residents, including usernames, email addresses, dates of birth, and potentially passwords. The compromised data poses risks such as identity theft, phishing attacks, and unauthorized account access, given the nature of the exposed credentials. While financial details (e.g., credit card numbers) were not reported as stolen, the leak of personally identifiable information (PII) especially passwords heightens vulnerabilities for affected users. The breach underscores systemic weaknesses in Zoosk’s cybersecurity measures, particularly in safeguarding user databases from external intrusions. The incident did not involve ransomware or a direct financial demand, but the scale of exposed PII and the potential for downstream fraud or reputational harm to Zoosk users classify it as a significant data leak with lasting consequences for customer trust and regulatory compliance.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10556

TPRM report: https://www.rankiteo.com/company/spark-networks

"id": "spa216082125",
"linkid": "spark-networks",
"type": "Breach",
"date": "1/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '115,158 (Washington residents)',
                        'industry': 'Online Dating',
                        'location': 'Washington, USA (residents affected)',
                        'name': 'Zoosk, Inc.',
                        'type': 'Company'}],
 'attack_vector': 'Unauthorized Database Access',
 'data_breach': {'data_exfiltration': 'Likely (unauthorized access)',
                 'number_of_records_exposed': '115,158',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'Moderate to High (PII)',
                 'type_of_data_compromised': ['User names',
                                              'Email addresses',
                                              'Dates of birth',
                                              'Passwords (potentially)']},
 'date_detected': '2020-01-12',
 'date_publicly_disclosed': '2020-06-10',
 'description': 'The Washington State Office of the Attorney General reported '
                'a data breach involving Zoosk, Inc. on June 10, 2020. The '
                'breach occurred on January 12, 2020, due to unauthorized '
                'access to a database, affecting approximately 115,158 '
                'Washington residents and potentially compromising user names, '
                'email addresses, dates of birth, and possibly passwords.',
 'impact': {'data_compromised': ['User names',
                                 'Email addresses',
                                 'Dates of birth',
                                 'Passwords (potentially)'],
            'identity_theft_risk': 'Potential (due to PII exposure)',
            'systems_affected': ['Database']},
 'post_incident_analysis': {'root_causes': 'Unauthorized database access '
                                           '(specifics undisclosed)'},
 'references': [{'date_accessed': '2020-06-10',
                 'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Washington State '
                                                       'Attorney General'},
 'response': {'communication_strategy': 'Public disclosure via Washington '
                                        'State Attorney General'},
 'title': 'Zoosk, Inc. Data Breach (2020)',
 'type': 'Data Breach'}