Cybercriminals have targeted two dating websites, resulting in over 850,000 users having their data accessed.
What happened
Two dating websites under the same owner, Ladies.com and Senior Dating, have had their databases breached.
The latter website, designed to match singles over 40, had its database leaked on the website Have I Been Pwned (HIBP). According to HIBP, the database included information like bios, dates of birth, drinking habits, education levels, email addresses, geographic locations, social media profiles, and more. The breach is believed to have occurred on November 23rd, 2024, and impacted 765,517 people.
Ladies.com similarly had its database breach, resulting in information like email addresses, photos, dates of birth, and more leaked. This breach, however, is believed to have occurred on July 3rd, 2024, and resulted in 118,809 individuals impacted. The website has since been shut down.
Going deeper
The breach has been linked to a Google-backed web development platform, Firebase. It’s believed that this platform was compromised, leading to the dating websites also being breached. The vulnerability that led to the breach was likely unnoticed for several months, allowing the hackers to access both websites.
Neither company has released data breach notices or supplied additional information regarding the breach. With a breach of this scale, it’s common for organizations to also offer credit monitoring services, but so far, that has not been the case.
Why it matters
Many breaches like these are crimes of opportunity, meaning that cybercriminals take advantage of weak security systems rather than targeting a specific organization or group.
In this case, individuals may find that the cybercriminals have more information than what it typically accessed in a breach. Extremely personal information, like photos, sexual orientation, and more may have been accessed, and could increase an individual’s risk of fraud or identity theft.
Cases like these are a reminder to individuals that once they provide information to a service, they are trusting that company with their data. For companies, it’s an important reminder that your organization does not necessarily need to hold financial or health information to be the victim of a data breach.
The big picture
Data breaches are becoming all too common, with companies of every size being targeted. In this case, the data breach was not directly the fault of the dating companies but rather the third-party vendor Ladies.com and Senior Dating had chosen to use.
Organizations that need to enlist the help of third parties should be mindful of the data they will share. Whenever an organization is considering a partnership, it should also consider the third party's security protocols and systems.
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
