MeetMindful Data Breach Class Action Investigation
CSK&D is investigating a potential data breach class action lawsuit stemming from wide-ranging data breach that impacted more than 2.28 million members of the online dating site MeetMindful. MeetMindful combines a dating platform with a focus on wellness, life-coach articles, intentional living tips and musings on spirituality. According to recent reports, a steal-and-leak hacking group known as “ShinyHunters” has stolen and published nearly 1.2 GB of personally identifiable information on a “publicly accessible hacking forum known for its trade in hacked databases.” The data has nearly 1,500 views in the public forum so far, but how many times it has been downloaded is unknown. The file contains sensitive information that MeetMindful users provided when they registered to use the service and set up their profiles, including emails, city, state and ZIP code, dating preference, birth dates, martial status, IP addresses, and Bcrypt-protected account passwords. Further, Facebook user IDs and authentication tokens are part of the compromised data, as well. Security researchers note that dating apps in particular present a highly attractive target for cybercriminals, who use the stolen data to extort money from users who wish to keep these personal details from being distributed. Cybersecurity analysts call this combination of data points included in the data breach “nothing less than toxic.” While it is unclear how ShinyHunters was able to access the site’s data, cybersecurity experts suspect it was a cloud misconfiguration.
If you have used MeetMindful’s services and believe your information may have been compromised in the breach, we would like to hear from you.