Hackers claimed on Wednesday they’ve stolen a mass of internal data from Match Group, which runs dating apps Hinge, Match, and OkCupid.
Match Group, the company that owns the targeted platforms as well as Tinder and other massively popular dating apps, says it is investigating the incident.
404 Media downloaded the data and reviewed portions of its contents. It appears to contain some users' unique advertising IDs; corporate receipts; and other internal company documents.
A spokesperson for Match Group told 404 Media: “We are aware of claims being made online related to a recently identified security incident. Match Group takes the safety and security of our users seriously and acted quickly to terminate the unauthorized access. We continue to investigate with the assistance of external cybersecurity experts. There is no indication that user log-in credentials, financial information, or private communications were accessed. We believe the incident affects a limited amount of user data, and we are already in the process of notifying individuals, as appropriate.”
The group, known as Scattered LAPSUS$ Hunters, posted on their leak site that they accessed 1.7GB of compressed data from AppsFlyer, a mobile marketing cloud platform. The data also contains company documents and invoices for services from other platforms that did business with Match Group, like Doordash and translation services.
A spokesperson for AppsFlyer told 404 Media: "AppsFlyer has confirmed that the incident referenced in recent media reports did not originate from AppsFlyer and did not involve a data breach, security incident, or compromise of AppsFlyer’s systems. AppsFlyer’s infrastructure and security controls were not breached. Any implication that AppsFlyer was the source of the incident, or that data was exposed due to a compromise of AppsFlyer systems, is inaccurate."
A spokesperson for the hacking group told 404 Media in an online chat: “we got in via vishing their Okta SSO.” Vishing is a variant of phishing but involves talking to someone on the phone. Okta is a cybersecurity company that lets companies manage how employees log into systems.
The spokesperson said the group compromised “Match Group itself, once we compromised the parent company (Match Group) Okta SSO dashboard we were able to connect to other apps like Salesforce, Appsflyer, etc.”
The group was previously linked to the doxing of hundreds of DHS, ICE, FBI, and DOJ officials.
“We have a similar negotiation tactic as Mr. Trump, we ask high and negotiate low (to the ideal amount we want). However, as we had a feeling in the back of our head, the company did reach out, verified the breach and us, and decided that they will halt all discussions. They did not provide a reason,” the spokesperson said.
In 2024, the Mozilla Foundation criticized Match Group’s biggest platforms, including Hinge and OkCupid, for its data collecting and sharing practices.
1/28/26 11:02 a.m. ET: This article was updated with comment from AppsFlyer.
