Hackers Allegedly Breach Tinder And Hinge: What We Know So Far

The Breach Alert: What Happened?

Anna Iovine, a well-known figure in the world of digital dating coverage, brings us the latest scoop on a worrying security breach. Match Group, the powerhouse behind popular dating apps like Tinder and Hinge, is in hot water as they investigate a security incident reportedly compromising user data.

The hacker group, Scattered LAPSUS$ Hunters, has claimed responsibility for the breach, asserting that they obtained a trove of Match's internal information. As reported by 404 Media, this data includes unique advertising IDs, corporate receipts, and other sensitive documents. Match Group is taking these claims seriously and has already begun notifying potentially affected users.

“We are aware of claims being made online related to a recently identified security incident. Match Group takes the safety and security of our users seriously and acted quickly to terminate the unauthorized access. We continue to investigate with the assistance of external cybersecurity experts.”

Decoding the Hack: How Did They Do It?

The hackers reportedly used a social engineering technique known as vishing to infiltrate Match's documents. Vishing, akin to phishing but conducted over the phone, involves scammers posing as trustworthy entities to extract information. Specifically, Scattered LAPSUS$ Hunters targeted Match's Okta single-sign-on, a system managed by a company known for securing corporate logins.

Okta has responded, emphasizing the importance of awareness about these evolving social engineering strategies, insisting their platform remains secure.

Clearing the Air: AppsFlyer's Response

In the aftermath of the breach, hackers mentioned accessing Match's data from the cloud platform AppsFlyer. However, AppsFlyer has firmly denied any involvement. They confirmed that their systems were neither breached nor compromised, and any suggestion otherwise is incorrect.

As the dust settles, Match Group continues its investigation, ensuring that user safety remains their top priority. While current indications suggest no user log-in credentials or financial data were accessed, the situation serves as a stark reminder of the constant vigilance required in the digital age.