Cyberattacks hit dating app owners Bumble, Badoo, and Tinder
Kyiv • UNN
Bumble, Panera Bread, Match Group, and CrunchBase companies were affected by cyberattacks. Hackers gained access to data, but not to accounts or financial information.
A wave of cyberattacks has affected Bumble Inc., Panera Bread Co., Match Group Inc., and CrunchBase Inc., amid cybersecurity experts warning of a new wave of social engineering attacks targeting American companies, Bloomberg reported, according to UNN.
Details
Bumble Inc., the parent company of dating apps Bumble, Badoo, and BFF, contacted law enforcement after one of its contractor's accounts "was recently compromised in a phishing attack," a company spokesperson said.
The hacker "briefly gained unauthorized access to a small portion of our network," the spokesperson said, adding that the company believes the access has ceased. The hackers did not access the company's user database, user accounts, Bumble app, private messages, or profiles, the spokesperson said.
Similarly, Panera Bread said it notified law enforcement after discovering a cybersecurity incident and took steps to address it. A Panera spokesperson said the hacker gained access to a software application the company used to store data.
"The data affected is contact information," the spokesperson said, without elaborating.
On Wednesday, Match Group, the conglomerate that owns Tinder, Hinge, and other dating apps, also confirmed that the company had experienced a cybersecurity incident affecting a "limited amount of user data" and that it was in the process of notifying customers.
A company spokesperson said there was no indication that user credentials, financial information, or private correspondence had been accessed.
A Match spokesperson told Mashable: "We are aware of claims circulating online related to a recently identified security incident. Match Group takes the security of our users seriously and responded quickly to terminate unauthorized access. We are continuing our investigation with the assistance of external cybersecurity experts."
"There is no indication that user credentials, financial information, or private messages were accessed. We believe the incident affected a limited amount of user data, and we are already in the process of notifying individuals appropriately," the spokesperson continued.
A CrunchBase spokesperson said documents in the corporate network were affected, but the company localized the incident.
Match's system was compromised on January 16, but Bloomberg could not determine when exactly the incidents occurred.
Cybersecurity experts recently warned of a social engineering campaign targeting American companies, allegedly carried out by a group calling itself ShinyHunters. The group claimed responsibility for attacks on Bumble, Panera Bread, Match, and CrunchBase, although Bloomberg could not independently verify these claims.
On its website, Mashable reported earlier this week, ShinyHunters confirmed their involvement in the Panera Bread data breach, which allegedly stole over 14 million customer records. The stolen data reportedly includes customer names, email addresses, phone numbers, home addresses, and account data.
Mandiant, a cybersecurity company owned by Google (Alphabet Inc.), warned last week about the ShinyHunters campaign, stating that the group used new "vishing" techniques to compromise the single sign-on (SAN) credentials of victim organizations and gain remote access to their systems.
Once inside a computer system, hackers move on to using "software as a service" (SaaS) environments to steal sensitive data, Charles Carmakal, Mandiant's CTO, said in a written statement.
He added that the hacker, who calls himself ShinyHunters, had approached some victims with demands for a "reward."
Hackers breached Instagram: 17.5 million users' data at risk10.01.26, 21:57 • 7216 views