The ShinyHunters cybercrime group has claimed responsibility for a major data breach involving popular dating apps owned by Match Group. The attackers say they have stolen more than 10 million user records from platforms including Hinge, OkCupid, and Match.com.
According to the group, the stolen data includes user IDs, transaction details, IP addresses, dating profile information, and internal company documents. ShinyHunters shared the claim on its dark web leak site, which is commonly used by cybercriminal groups to publish details about alleged breaches.
The attackers also suggested that the data may not have been taken directly from the dating apps themselves. Instead, they implied the breach could be linked to AppsFlyer, a mobile marketing and analytics platform used by many app developers to track user activity and performance.
Match Group, which owns Hinge, OkCupid, Match.com, Tinder, and Plenty of Fish, has acknowledged the claims and said it is actively investigating the issue. The company stated that it acted quickly to stop any unauthorized access and is working with external cybersecurity experts.
In a statement, Match Group said there is currently no indication that user login credentials, financial information, or private messages were accessed. The company added that the incident appears to affect a limited set of user data and that impacted users are being notified where necessary.
Security researchers who reviewed the leaked data samples said they include a mix of user information, internal documents, and test data. Some samples reportedly show Hinge profile details such as names, bios, and match records. Other files appear to contain subscription and payment-related data, including transaction IDs and amounts paid for premium features.
The samples also include IP addresses, location data, and authentication tokens. While passwords do not appear to be part of the leaked data, authentication tokens can still pose a risk if misused. Experts say users should remain cautious and consider logging out of affected apps and reviewing their account security settings.
Although the full scale of the breach has not been confirmed, experts warn that dating app data leaks can be especially harmful. Personal profile details can be used to create highly targeted scams that feel more convincing than regular phishing attempts. This can increase the risk of fraud, identity misuse, and emotional manipulation.
