Today is a day of the week that ends in –y, so that means another data breach has been reported with clockwork-like regularity. This time, the target was a gay dating app called Manhunt, which purports to have a user base of more than 6 million people.
According to the company behind the app, a hacker executed this data breach that exposed user profiles back in February. The company provided a statement to the Washington State attorney general that reads, in part, that this data breach saw the hacker having “downloaded the usernames, email addresses and passwords for a subset of our users in early February 2021.” In total, at the moment, it’s thought that 11% of the company’s user base was affected by the hack.
That’s what an attorney representing Manhunt told TechCrunch about the hack. The company that launched the app in 2001, Online-Buddies Inc., also offered another gay dating app called Jack’d that was sold in 2019 — and which was hit by a similar security issue of its own right before the sale, in which users’ photos and location data were exposed. Last month, meanwhile, Manhunt tweeted the following: “At this time, all Manhunt users are required to update their password to ensure it meets the updated password requirements.”
Hacks and data breaches like these, it should go without saying, are especially unfortunate — with dating apps making particularly tempting targets for hackers — because of the extra-private nature of the data involved. The direct messages, user profiles, and photos that stand to be exposed in attacks like these are no doubt of a much more private and personal nature than what users share with, say, an app like LinkedIn. Recall, for example, that after the dating site Ashley Madison was hacked and exposed user information, some users went on to commit suicide.
“Manhunt takes the security of its users’ information very seriously,” reads the statement to the Washington State attorney general. “In accordance with state law, we are notifying affected residents regarding this incident via email and a message in our users’ inboxes on our platform.”
Check out our earlier coverage about email and password breaches for some tips on how you can stay safer online when using services like this and others. Here are some steps you can take to protect yourself:
- Use 2-factor authentication for your email account.
- Change your password right now, and do it regularly going forward.
- And use a solid password manager service to protect your accounts.
- It’s also a good idea to check online services like Have I Been Pwned? regularly. That particular site will search publicly available data to see if your email and/or phone number have been caught up in a reported data breach, which is something you’d certainly want to know as soon as possible.