If you have an account on MeetMindful, a wellness-themed dating service, you should change your password and log out of Facebook.
That's because a group of malicious data thieves have leaked details of 2.3 million MeetMindful accounts to an online hacker forum, allowing anyone to get their hands on a 1.2 GB database for free.
ZDNet reports that the user data now publicly available includes real names, email addresses, mailing addresses, relationship status, gender, potential partner preferences, and location information by latitude and longitude.
"Birthday" is also among the leaked fields, but it was not clear whether it includes the year of birth or just the month and day, which poses less risk of identity theft.
Also leaked were Facebook IDs and session tokens that allow Facebook users to remain logged in for extended periods of time. A session token alone is not enough to hijack an account without the actual Facebook password, but anyone with that information may be able to temporarily log into a Facebook account.
To prevent someone from hacking into your Facebook account with a stolen session token, log out of Facebook on all devices and log back in.
MeetMindful appears to be based in Denver and has been around since 2013. Gizmodo noticed that the dating service's Facebook, Twitter, and Instagram accounts have not had new posts since April 2020, leading to speculation that the service is in some sort of technical limbo. Similarly, the service's Android and iOS apps have not been updated since winter 2020.
However, MeetMindful was alive enough to post a security advisory on this data breach, last updated yesterday (January 24).
"We deeply apologize for this occurrence," begins MeetMindful's security post, emphasizing "deeply."
"This incident applies to users who signed up for MeetMindful before March 2020; users who started their accounts after March 2020 or updated their account details after March 2020 are unaffected."
The good news: "No passwords, photos, conversations, matches, credit card data, or other financial information has been accessed."
"We have contacted all users likely affected," says the MeetMindful post. "If you have not received an email directly from us, you are not affected by this incident."
The stored MeetMindful account passwords were hashed using Bcrypt, one of the strongest one-way hashing algorithms available. Nevertheless, the MeetMindful password should be changed, just in case. The service encourages all users to do so here.
Make sure your passwords are long and strong, and do not reuse passwords for other accounts. If you use the same passwords for other accounts, change the passwords for those accounts as well, and make sure all new passwords are unique. The best password managers will help you keep your online accounts safe and secure.
This data was dumped by a malicious hacker or hacker group called ShinyHunters, notorious for stealing and publishing user data from online services. This past Friday, ShinyHunters dumped data on at least 7 million customers of U.S. men's clothing retailer Bonobos.