Leak at Match Group (Hinge, Match, OKCupid)
On 29 January 2026, Match Group — parent of Hinge, Match and OKCupid — disclosed a breach after the ShinyHunters group used a vishing attack to hijack an employee Okta SSO account; exposed PII included names, dates of birth, phone numbers and IP addresses.
- Victim
- Match Group (Hinge, Match, OKCupid)
On 29 January 2026, Match Group — the US dating-app conglomerate behind Hinge, Match and OKCupid — disclosed a data breach after attacker group ShinyHunters publicly claimed the theft of user records and internal files.
The intrusion did not exploit a software flaw. Attackers ran a voice phishing (vishing) campaign that tricked an employee into surrendering Okta single sign-on (SSO) credentials via a lookalike domain (matchinternal.com). With that access they reached internal dashboards, the AppsFlyer mobile-marketing platform and cloud storage, then exfiltrated data.
Exposed data categories reported for affected users include:
- First and last name, and login identifier
- Date of birth
- Phone number
- IP address and user-agent (device/tracking) data
Scale claims diverge sharply: ShinyHunters advertised roughly 10 million records and leaked about 1.7 GB of files, while the figure tied to this disclosure is 196,000 users; independently verified samples were smaller still. Match Group said it found no evidence that passwords, financial details or private messages were accessed, stating those were not stored in the compromised systems.
Match Group acted quickly to terminate the unauthorized access, engaged external investigators and began notifying affected individuals, leaving the incident contained but with the leaked dataset already circulating.
Sources
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/match-group-breach-exposes-data-from-hinge-tinder-okcupid-and-match/
- theregister.comhttps://www.theregister.com/2026/01/29/shinyhunters_match_group/
- cybernews.comhttps://cybernews.com/security/hinge-okcupid-data-leak-shinyhunters-claims/
- it-connect.frhttps://www.it-connect.fr/une-fuite-de-donnees-chez-match-group-le-geant-derriere-tinder-okcupid-ou-encore-match-com/