Match Group, the parent company behind Tinder, Hinge, OkCupid, Match.com, and Meetic, has reported a cybersecurity incident that resulted in unauthorized access to user data across several of its platforms.
According to Bleepingcomputer, Match Group confirmed the attack traces back to a social engineering effort where attackers compromised an Okta single sign-on account through a phishing campaign, giving them access to the company’s marketing analytics platform and cloud storage services. The phishing effort used a domain designed to mimic an internal Match Group portal.
They moved quickly to shut down the unauthorized access and has brought in external security experts to assist with the ongoing investigation. The company also states there is no indication that login credentials, financial information, or private messages were accessed, and that impacted individuals are being notified where appropriate.
The incident is a good reminder of just how effective social engineering can be, even against large companies. For businesses it’s a sign to revisit stronger authentication and access controls, and for users a good time to enable multi-factor authentication on any dating or social apps
Leave a Reply