ShinyHunters Leak 2.28M Dating Site Users’ Personal Info Online

essidsolutions

A data leak has hit the popular dating site MeetMindful. ShinyHunters, the group that breached Pixlr and finance app Dave and also doubles as a data broker, is now offering the 1.2 GB of data for free on a public forum. An industry expert posits that a misconfigured cloud database could have exposed the data online.

The notorious hacking group ShinyHunters has struck once again, this time leaking personal information of over 2 million MeetMindful users. According to a security researcher who spoke with ZDNet, the data of more than 2.28 million users of the dating site was compromised and shared as a free download on a public forum called Raid Forums.

The hacked data includes names, email addresses, location (city, state, and ZIP code details), body details, dating preferences, marital status, birth dates, latitude and longitude, IP addresses, and bcrypt-hashed account passwords (passwords stored as bcrypt hashes, which makes them resistant to cracking).

The 1.2 GB trove of personal information also includes Facebook user IDs and Facebook authentication tokens, enabling threat actors with access to the leaked file to identify, target, and victimize affected users with something called sextortion.

However, the full details of all users and exchanged messages weren’t leaked.

In its report, ZDNet mentioned that the thread on Raid Forums, where this ‘highly sensitive data’ was leaked, has been viewed 1,500 times. Raid Forums is popular among hackers. MeetMindful, which has been in existence since 2014, has not released a statement on either the breach or the leak.

Pravin Rasiah, VP of Product at CloudSphere, discussed the possibility of misconfigured AWS databases and S3 buckets as the entry point for ShinyHunters. Rasiah told SiliconANGLE, “Improperly secured AWS S3 buckets are one of the leading causes of data breaches due to misconfiguration. The chances of leaving an S3 bucket exposed are all too high, as inexperienced users can simply choose the ‘all users’ access option, making the bucket publicly accessible. Leaving these S3 buckets open and exposed invites hackers to exploit the personal data entrusted to companies by their customers.”
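The ‘all users’ option Rasiah describes is stored as an ACL grant to a predefined S3 group, which makes it straightforward to audit for. The following is an added example, not code from the article or from anyone quoted in it: it flags such grants in ACL data shaped like the S3 GetBucketAcl response and checks whether the bucket's IgnorePublicAcls setting neutralises them. The bucket names and sample ACLs are constructed for illustration.

```python
# Added example: audit S3 bucket ACLs for the "all users" grant.
# `acl` follows the shape of the S3 GetBucketAcl response; `access_block` is
# the inner PublicAccessBlockConfiguration dict. Sample data is constructed.

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "anyone on the internet",
                 AUTH_USERS: "any AWS account holder"}


def public_grants(acl):
    """Return (audience, permission) for every grant to a public group."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            found.append((PUBLIC_GROUPS[grantee["URI"]], grant.get("Permission")))
    return found


def audit_bucket(name, acl, access_block=None):
    """Classify one bucket as 'exposed', 'masked' or 'private'.

    'masked' means a public grant exists but IgnorePublicAcls is on, so S3
    does not honour it; the grant should still be removed.
    """
    grants = public_grants(acl)
    if not grants:
        return {"bucket": name, "status": "private", "grants": []}
    ignored = bool((access_block or {}).get("IgnorePublicAcls"))
    status = "masked" if ignored else "exposed"
    return {"bucket": name, "status": status, "grants": grants}


# Constructed sample data (hypothetical bucket names).
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
         "Permission": "FULL_CONTROL"}
OPEN_READ = {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}
SAMPLES = [
    ("example-user-exports", {"Grants": [OWNER, OPEN_READ]}, None),
    ("example-backups", {"Grants": [OWNER, OPEN_READ]}, {"IgnorePublicAcls": True}),
    ("example-internal", {"Grants": [OWNER]}, None),
]

if __name__ == "__main__":
    for name, acl, block in SAMPLES:
        print(audit_bucket(name, acl, block))
```

Bucket policies can also make a bucket public, so an ACL check like this covers only the ‘all users’ grant path described in the quote.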

ShinyHunters was behind the Pixlr leak, wherein 1.9 million records were exposed. Just last week, the hacker breached the e-commerce platform Teespring and exposed the data of over 12 million users.

The hacking group was also credited for the leaks of the following companies:

Emphasizing the need to secure cloud environments, Chris Hertz, VP Cloud Security Sales at DivvyCloud by Rapid7, told Toolbox, “Approaches and strategies from the data center world don’t transfer to the cloud, and companies need to rapidly invest in the process and in supporting tools (including automation) to stay ahead in this complex landscape.”