ShinyHunters Hack 10 Million Dating Profiles – Your Swipes Are Now Ransomware Bait[1]
Hackers from the notorious ShinyHunters group just claimed they breached Match Group, the powerhouse behind Tinder, Hinge, and OkCupid, exposing 10 million user records in early 2026.[1] They snagged user data, internal docs, transaction details, and IP addresses, turning romantic matches into a cybercriminal goldmine.[1]
Diving into the tech: This wasn’t some zero-day magic – it was a classic social engineering hit via voice phishing, tricking insiders into handing over access.[1] ShinyHunters, fresh off their Crunchbase raid with 2 million records stolen through similar tactics, are on a tear, proving voice phishing bypasses even MFA if your team’s not drilled on it.[1]
So what? Devs and sec teams, this screams third-party risks and phishing fatigue – if dating apps with millions of users can’t lock down employee awareness, your stack’s next. Rushed cloud configs and weak IAM let this scale; patch your training gaps now or watch your users’ data hit dark web auctions.[2]
My take: Enough with the “unstoppable attacks” BS – this was preventable with basic awareness drills. Time to treat phishing sims like code reviews, or keep feeding the hackers.[2]
