Your Dating App Data Just Got Leaked (Again)
What the Match Group breach means for your privacy, and how to protect yourself on dating apps.
If you've ever used Tinder, Hinge, OkCupid, or Match.com, your data may have just been stolen.
Match Group — the company that owns most major dating apps — confirmed this week that hackers accessed user data. The ShinyHunters threat group claims to have leaked 1.7 GB of compressed files containing around 10 million records across Hinge, Match, and OkCupid.
This isn't just another faceless corporate breach. Dating app data is uniquely personal and uniquely dangerous when exposed.
Why Dating App Breaches Are Different
Your bank leaks your name and maybe an old address. Annoying, but manageable.
Your dating profile leaks something else entirely: your relationship status, sexual orientation, preferences, photos, who you've matched with, what you've said in private messages.
This kind of data can be used for:
Blackmail — "Pay us or we send your Tinder profile to your wife/husband/employer."
Romance scams — Scammers now know exactly who's single and looking. They can craft targeted approaches.
Stalking — Combined with other leaked data, it's easier to track someone down.
Professional harm — In some industries and some countries, personal life details can damage careers.
The Ashley Madison breach in 2015 led to divorces, public humiliations, and at least two suicides. Dating data isn't just embarrassing — it can destroy lives.
What Match Group Actually Said
Match Group claims the breach is "limited" and doesn't include login credentials, financial information, or private messages.
Take that with salt.
Companies routinely understate breaches in initial disclosures. The full scope often becomes clear only later. And "limited" for a company with 80 million active users could still mean millions of affected accounts.
The attack came through a phishing campaign targeting Match Group employees. An attacker compromised an Okta single sign-on account, which gave them access to internal systems including marketing analytics and cloud storage.
What To Do If You've Used These Apps
1. Assume Your Data Was Exposed
If you've ever used Tinder, Hinge, OkCupid, Match.com, or Meetic (Match Group's European brand), work from the assumption that some of your information is now out there.
2. Change Your Passwords
Even though Match Group claims credentials weren't taken, update your passwords anyway. And if you've reused that password elsewhere — stop that, and change those accounts too.
Use a password manager (Bitwarden is free and excellent) to generate unique passwords for every service.
3. Enable Two-Factor Authentication
All major dating apps now support 2FA. Turn it on:
- Tinder: Settings → Account → Phone Number verification (or link to Apple/Google account with 2FA)
- Hinge: Settings → Account → Two-Factor Authentication
- OkCupid: Settings → Security → Two-Factor Authentication
Use an authenticator app, not SMS if given the choice. SMS can be intercepted.
4. Watch for Phishing
You might receive emails claiming to be from Match Group, Tinder, or the other apps. They might ask you to "verify your account" or "reset your password" via a link.
Go directly to the app or official website instead. Don't click links in emails about this breach.
5. Monitor Your Accounts
Keep an eye on your email for unusual password reset requests across other services. Attackers often use leaked email addresses to try resetting accounts elsewhere.
For EU Users: Exercise Your GDPR Rights
If you're in Europe, you have options Americans don't.
Request a copy of your data — Under GDPR Article 15, you can demand a full copy of everything a company holds about you. Submit a request to Match Group and see what they actually have.
Request deletion — Under Article 17, you can demand they delete your data. If you're no longer using these apps, ask them to wipe your account and all associated information.
Match Group must respond within 30 days. Their GDPR contact is typically found in the app's privacy policy or at privacy@match.com.
Be specific: mention that you're exercising your rights under GDPR and request confirmation of deletion.
How to Protect Yourself on Dating Apps Going Forward
Minimise What You Share
Every piece of information in your profile is a potential data point in a future breach.
- Don't link Instagram or Spotify accounts (profile enrichment helps dating, but it also expands your exposure)
- Use first name only
- Avoid photos that reveal your workplace, gym, or exact neighbourhood
- Don't include your full job title or company name
Use a Separate Email
Create an email address just for dating apps. That way, when breaches happen, your primary email stays clean.
Services like SimpleLogin or Firefox Relay let you create aliases that forward to your real inbox. When the alias starts getting spam, you know which service leaked it.
Think Before You Message
Assume anything you write in a dating app could become public. This isn't paranoia — it's how these systems work. Data gets stored, backed up, and sometimes stolen.
Save the genuinely private conversations for encrypted messaging. Once you've connected with someone, move to Signal.
Review Photo Privacy
Your photos might contain EXIF metadata including GPS coordinates of where they were taken. Most apps strip this, but not all do.
Before uploading photos anywhere, consider removing metadata using a tool like ExifCleaner (free, works offline).
Periodically Delete Old Accounts
That Tinder account you haven't used since 2021? Still holding your data. Old accounts are just dormant breach targets.
Go through and delete accounts on apps you no longer use. Actually delete them, not just remove the app from your phone.
The Bigger Picture
Dating apps have a fundamental tension: they need you to share personal information to function, but that same information becomes a liability when (not if) they get breached.
Match Group is worth billions. They have security teams. And they still got phished. If the industry leader can't prevent this, smaller apps are probably worse.
This doesn't mean you shouldn't use dating apps. But it does mean you should treat them like any service holding sensitive data:
- Share only what's necessary
- Assume it will eventually leak
- Have a plan for when it does
The Match Group breach is a reminder that convenience always has a privacy cost. The question is whether you're paying attention to the bill.
If you're affected and want help submitting a GDPR deletion request, check out How to Disappear from Data Brokers for template language that works.