Social Engineering · Dating / Social Media · Global

Match Group (Hinge, Match, OkCupid)

Analysis of the alleged Match Group breach, which reportedly exposed 10 million records from Hinge, Match.com, and OkCupid via the claimed compromise of a marketing analytics partner.

Published by the Scrutex.ai Research Team | January 2026

Disclaimer

This advisory is provided for informational and educational purposes only by the Scrutex research team. It is based entirely on publicly available reporting from the sources cited below. Where details are unconfirmed or disputed by the affected organisation, this is noted explicitly. Scrutex does not independently verify internal claims made by affected organisations or threat actors. This advisory should not be interpreted as a confirmed statement of fact regarding any organisation's security posture. Organisations concerned about their own exposure should conduct independent assessments and seek professional legal advice.

At a Glance

Organisation: Match Group (Hinge, Match, OkCupid). Owner of dating platforms including Tinder, Hinge, Match.com, OkCupid, and Meetic, serving users in over 40 countries.

Sector: Dating / Social Media

Region: Global

Date of Incident: Late January 2026 (part of broader ShinyHunters SSO campaign)

Date Disclosed: January 28, 2026

Estimated Impact: 10 million records

Data Types Exposed: User profiles with names and bios, subscription and transaction details, IP addresses, phone numbers, authentication tokens, employee email lists, internal company materials, partner contracts

Attack Type: Social Engineering

Attack Vector: Voice phishing (vishing) targeting Okta SSO account, gaining access to AppsFlyer analytics instance and cloud storage

Threat Actor: ShinyHunters (using phishing domain 'matchinternal.com')

Current Status: Match Group confirmed incident. Core login and financial data reportedly safe. Investigation ongoing with external cybersecurity experts.

Severity Assessment: High. 10 million records from multiple dating platforms exposed. Dating profile data is inherently sensitive and can enable harassment, blackmail, and highly targeted social engineering.

What Happened

In January 2026, approximately 10 million records from Match Group platforms including Hinge, Match.com, and OkCupid were reportedly exposed. The data allegedly includes user IDs, IP addresses, subscription details, employee emails, and corporate contracts.

Some reports have linked the attack to ShinyHunters, with AppsFlyer (a marketing analytics platform) cited as the alleged entry point. The mix of consumer and corporate data suggests the attacker may have had broad access across Match Group's environment.

Timeline

Late January 2026: ShinyHunters compromise Okta SSO account via vishing using phishing domain 'matchinternal.com'

January 28, 2026: ShinyHunters claim to publish 1.7GB of data from Match Group platforms

Late January 2026: Match Group confirms incident and engages external cybersecurity experts

Late January 2026: AppsFlyer denies that their own systems were breached

Threat Actor Profile

ShinyHunters (using phishing domain 'matchinternal.com')

ShinyHunters conducted this attack as part of a coordinated campaign in early 2026 targeting SSO credentials across multiple organisations via voice phishing.

The group used a custom phishing domain 'matchinternal.com' to impersonate Match Group's internal IT support and trick employees into providing Okta credentials and MFA codes.

Impact and Risk Assessment

For Affected Individuals

Dating profile data is inherently sensitive. Exposure of user profiles, bios, and subscription details from platforms like Tinder and Hinge can enable harassment, blackmail, and discrimination.

IP addresses and authentication tokens may allow further account compromise if not promptly rotated.

The combination of personal preferences, relationship status, and location data creates a comprehensive profile that could be exploited for targeted social engineering.

For Organisations

Match Group faces reputational damage across its portfolio of dating brands, as user trust is foundational to the dating platform business model.

Exposed employee email lists and internal documents create ongoing spear-phishing risk for Match Group staff.

Partner contracts and corporate materials may reveal commercial arrangements and strategic plans.

Regulatory Context

Dating platform data falls under GDPR's special categories of personal data in the EU, as it can reveal sexual orientation and intimate preferences.

Multiple jurisdictions have specific protections for data that could reveal sexual orientation, making this breach particularly sensitive from a regulatory perspective.

What Should You Do?

If You Are a Potentially Affected Individual

If you use Tinder, Hinge, Match.com, OkCupid, or Meetic, review your profile for sensitive information and consider updating your password.

Be cautious of unsolicited messages that reference your dating profile or personal preferences, as these may be social engineering attempts.

If You Are a Security or Risk Professional

Audit third-party marketing analytics integrations (such as AppsFlyer) and review what data they can access. Marketing technology vendors often have deeper access than expected.

Implement phishing-resistant MFA and consider domain-based controls that can detect lookalike phishing domains targeting your organisation.
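
One way to approach the lookalike-domain control mentioned above, as an added example that is not part of the Scrutex advisory: score queried domains for a brand name combined with an IT or SSO lure word, the pattern seen in 'matchinternal.com', and list which internal clients resolved them. The brand list, lure words, allowlist, and the three-field DNS log format are assumptions made for illustration.

```python
import re

# Assumed inventory for illustration; substitute your own brands and domains.
BRANDS = ("match", "hinge", "okcupid", "tinder", "meetic")
LURES = ("internal", "sso", "okta", "login", "helpdesk", "support", "vpn")
ALLOWLIST = {"match.com", "okcupid.com", "tinder.com"}
DIGIT_SWAPS = str.maketrans("0135", "oles")  # digits often used as look-alikes

def registrable(qname):
    """Naive last-two-labels split; production code needs a public-suffix list."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])

def score_domain(qname):
    """Return (score, reasons); 3+ means a brand plus an IT/SSO lure word."""
    reg = registrable(qname)
    if reg in ALLOWLIST:
        return 0, []
    # Letters only, so 'match-internal' and 'matchinternal' compare equal.
    plain = re.sub(r"[^a-z]", "", reg.split(".")[0].translate(DIGIT_SWAPS))
    score, reasons = 0, []
    for brand in (b for b in BRANDS if b in plain):
        score += 1
        reasons.append(f"brand:{brand}")
        rest = plain.replace(brand, "")
        for lure in (w for w in LURES if w in rest):
            score += 2
            reasons.append(f"lure:{lure}")
    return score, reasons

def triage(log_lines, threshold=3):
    """Map each suspicious registrable domain to the clients that resolved it."""
    hits = {}
    for line in log_lines:
        parts = line.split()  # malformed lines (not 3 fields) are skipped
        if len(parts) == 3 and score_domain(parts[2])[0] >= threshold:
            hits.setdefault(registrable(parts[2]), set()).add(parts[1])
    return {domain: sorted(clients) for domain, clients in hits.items()}

# Constructed sample DNS query log: "<timestamp> <client> <qname>".
SAMPLE_LOG = [
    "2026-01-27T09:14:02Z 10.0.4.17 matchinternal.com",
    "2026-01-27T09:14:40Z 10.0.4.22 sso.matchinternal.com.",
    "2026-01-27T09:15:11Z 10.0.4.17 www.match.com",
    "2026-01-27T09:16:03Z 10.0.7.9 matchbox.example",
    "2026-01-27T09:17:45Z 10.0.7.9 0kcupid-login.example",
]

print(triage(SAMPLE_LOG))
```

A brand substring alone scores 1 and stays below the default threshold, which keeps ordinary words such as "matchbox" out of the results; the same scoring can be run over a newly-registered-domain feed instead of DNS logs.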

Learnings and Recommendations

The alleged use of a marketing analytics platform as the attack vector highlights supply chain risk through marketing technology vendors, which often have deep access to user data and are overlooked in security assessments.

Dating platform data is inherently sensitive. Even without explicit profile content, the combination of user IDs, IP addresses, and subscription details can identify individuals and create risks including blackmail and harassment.

Sources
