Full Report
2.28 million users of the MeetMindful dating app have had their details published on a hacker forum
Analysis Summary
# Incident Report: MeetMindful Dating App Data Exposure
## Executive Summary
The wellness-themed dating application, MeetMindful, suffered a data breach resulting in the exposure of data belonging to 2.28 million users. The attack, attributed to the threat actor ShinyHunters, involved the exfiltration and subsequent publication of sensitive user information on a public hacking forum. The primary impact is a high risk of phishing and sextortion campaigns targeting the affected user base.
## Incident Details
- Discovery Date: January 26, 2021 (Date of public documentation/exposure)
- Incident Date: Prior to January 26, 2021 (Date of data exfiltration is not specified)
- Affected Organization: MeetMindful
- Sector: Dating/Social Networking Application
- Geography: Not explicitly stated, presumed global/US-based due to user data structure (City, State, ZIP)
## Timeline of Events
### Initial Access
- Date/Time: Unknown
- Vector: Unknown (Implied successful breach leading to data access)
- Details: The severity suggests a compromise of the application's database or storage infrastructure.
### Lateral Movement
- Details: Not specified in the report; it is implied that the attacker located and accessed the production user database containing sensitive PII.
### Data Exfiltration/Impact
- Details: 1.2 GB of data was exfiltrated. The data includes real names, email addresses, City/State/ZIP information, IP addresses, Facebook User IDs, and Facebook authentication tokens. Payment information and messages were confirmed **not** exposed. The data was published on a hacking forum.
### Detection & Response
- Details: The breach became public knowledge when the data was posted online. MeetMindful issued a User Security Notification confirming the breach.
## Attack Methodology
- Initial Access: Unknown (Likely exploiting a vulnerability in the application or infrastructure).
- Persistence: Not applicable (This appears to be a targeted data exfiltration event).
- Privilege Escalation: Not specified.
- Defense Evasion: Not specified.
- Credential Access: Not specified, though Facebook authentication tokens were stolen.
- Discovery: Not specified.
- Lateral Movement: Not specified.
- Collection: Database access was achieved to compile 1.2 GB of user records.
- Exfiltration: Data was dumped and published on a public hacking forum.
- Impact: Exposure of identifying information leading to risks of targeted fraud and sextortion.
## Impact Assessment
- Financial: Not specified.
- Data Breach: 2.28 million user records. Sensitive PII (Real names, emails, location data, access tokens) exposed.
- Operational: Minimal operational disruption mentioned; the focus was on user notification.
- Reputational: Significant negative publicity due to the exposure of sensitive dating app user data.
## Indicators of Compromise
- Network indicators: No specific malicious IPs or domains provided in the summary.
- File indicators: A 1.2 GB data file was published (content not detailed).
- Behavioral indicators: Large-scale unauthorized database query/export activity, followed by publication on a hacking forum.
## Response Actions
- Containment: Not explicitly detailed, but implied actions were taken to secure affected systems post-discovery.
- Eradication: Not explicitly detailed.
- Recovery: MeetMindful issued a User Security Notification to affected users.
## Lessons Learned
- The presence of Facebook authentication tokens and the linking of real names to dating profiles create severe exposure risks.
- Despite excluding financial data, PII alone is sufficient to enable highly malicious follow-on attacks (phishing, sextortion).
## Recommendations
- Immediately revoke and force rotation of all compromised Facebook authentication tokens.
- Conduct a thorough audit of data retention policies, minimizing the storage of highly sensitive cross-platform authentication credentials.
- Enhance database security posture, ensuring strong access controls and encryption for PII, especially for user profiles on dating platforms.