MeetMindful, a wellness-themed dating app, has found itself in the cross hairs of a veteran hacker.
The cybercriminals group known as ShinyHunters exfiltrated 1.2 GB worth of data and published it onto a ubiquitous hacking forum where it can be downloaded for free by anyone.
The exposed data impacted 2.28 million users and included the following sensitive information:
- Real names (not user names)
- Email addresses
- City, State and ZIP information
- IP addresses
- Facebook user IDs
- Facebook authentication tokens
MeetMindful announced that no payment information or messages were exposed in the breach. Despite this relief, the implications are far reaching.
The leaked data is sufficient enough for cybercriminals to discover the true identities of each impacted user. Coupled with knowledge of email addresses, this will likely lead to a barrage of email phishing attacks.
But the most serious implication of this breach is that all 2.28 million users are now at a high risk of being targeted in sextortion campaigns - a serious criminal offence where date site breach victims are threatened with having their online activity exposed to friends and family unless a payment demand is met.