Millions of people looking for love received a rude Valentine’s Day gift yesterday in the form of an e-mail from Coffee Meets Bagel (CMB).
The users of the popular dating platform were informed that their account data may have been stolen by an “unauthorised party”.
The data, which includes names and e-mail addresses of more than six million CMB users, has been put on sale on the dark web for 0.13 Bitcoin, or about $600.
CMB, a mobile dating app company based in San Francisco in the US state of California, was launched in April 2012.
It is popular in Singapore, with CMB previously claiming it had made 1.6 million matches, with 28 million messages sent by users here in 2017.
Users are matched based on their interests and can contact each other only on the app after “liking” each other’s profiles.
Coffee Meets Bagel Slapped With a Huge Data Breach—What’s the 411?
In a nutshell: millions of CMB users’ info got snatched by an “unauthorised party”— and it turns out the data was from before May 2018.
These numbers hit the headlines like a bad Tinder crash:
- 673 MB of data, covering 6,174,513 accounts, is currently for sale on dark‑web marketplaces.
- The breach included personal info that could easily create a dating‑disaster.
While we don’t know exactly how many Singaporean users are affected, local netizens are worried the damage might be limited to those with something to hide.
Why CMB Is Feeling the Heat
CMB learned of the breach on Monday, apologized, and warned users to be wary of phishing prompts that ask for personal data or direct you to shady webpages. “Ignore suspicious links and attachments”, the app’s team advised.
They’ve rolled up their sleeves, engaging forensic experts to audit the system and check all third‑party vendors.
Who’s Talking?
A 24‑year‑old, who wants to stay anonymous, said: “Surprise! But it’ll mostly hit those who had something to hide, or if the leak had photos or job details.”
Another 26‑year‑old backed up: “Dates on apps aren’t a stigma anymore. They’re tech‑powered opportunities.”
The Dark‑Web Deal
One shady seller is peddling the stolen data from CMB, along with other apps like Dubsmash and 500px. The total loot recently hit a whopping 617 million accounts across various platforms.
Carbon Black’s chief cyber‑security officer, Mr. Tom Kellermann, remarked that mobile apps can amass a “slew of personal data” ripe for black‑market sales or ransom. He cautioned users to keep their devices patched and updated.
Legal Recourse? Maybe…
Past memories of brothels: the 2015 Ashley Madison leak led to $15 million in lawsuits. Lawyers say affected users could sue if CMB has a presence in Singapore—though proving concrete loss (e.g. a fired job) can be tricky.
“Being in the public eye might cost more than the leak itself,” one lawyer warned.
— Original source: The New Paper. Permission required for reproduction.
