Hackers Claim Access To Tinder And Hinge Data

Gregory Zuckerman
By Gregory Zuckerman
Technology
6 Min Read

Match Group is investigating claims from a self-described hacking collective that says it accessed data tied to Tinder, Hinge, and other company properties. Early indications from the company suggest the exposure is limited and does not include passwords, payment information, or private messages, but some users are being notified out of caution.

What Hackers Say They Obtained From Match Group Systems

The group, using the name Scattered LAPSUS$ Hunters, asserted that it pulled internal Match Group documents and certain user-related identifiers. Journalists at 404 Media reviewed a sample and reported the presence of mobile advertising IDs, corporate receipts, and other internal files. Advertising IDs—such as Apple’s IDFA and Google’s GAID—are not logins or financial credentials, but they can be used for targeted advertising and, when combined with other data, may support profiling.

Table of Contents
Three iPhones displaying the Tinder app interface. The left phone shows a profile with LIKE superimposed, the middle phone shows a Its a Match screen with two profile pictures, and the right phone shows a profile with NOPE superimposed.

Match Group said its current assessment shows no evidence of compromised logins, financial data, or private communications. The company characterized the incident as affecting a limited set of user data and stated that it has begun notifying individuals where appropriate while the investigation continues.

How Attackers Say They Got In Via Social Engineering

The hackers told 404 Media the entry point was a social engineering campaign—specifically vishing—targeting Okta-based single sign-on used by Match Group. Vishing, essentially phishing over voice calls, relies on impersonation to trick employees or contractors into granting access. An Okta spokesperson said the company’s platform remains secure and emphasized ongoing guidance to customers about increasingly sophisticated social engineering tactics.

The tactic fits a broader pattern. According to Verizon’s 2024 Data Breach Investigations Report, the human element—errors, stolen credentials, and social engineering—factored into 68% of breaches. Security teams have increasingly moved toward defenses such as phishing-resistant multi-factor authentication (like FIDO2 security keys), number-matching for push prompts, and strict help desk verification to blunt voice and SMS-based attacks.

The AppsFlyer Dispute Over Alleged Data Access

Hackers also alleged they accessed data tied to AppsFlyer, a mobile marketing analytics platform widely embedded in consumer apps to measure campaigns. AppsFlyer publicly rejected that characterization, saying its systems were not breached and that any implication it was the source of the incident is inaccurate. In complex app ecosystems, analytics and attribution vendors often process identifiers and event metadata, which can become a focus of blame during investigations even when the root cause lies elsewhere.

Hackers claim access to Tinder and Hinge data, with app logos and cybersecurity visuals

What This Means For Dating App Users Right Now

If advertising identifiers were among the data accessed, the immediate risk is less about account takeover and more about targeted scams. Ad IDs can enable precision marketing—and, in the wrong hands, more convincing phishing or vishing attempts. Attackers might craft messages that reference the right app or device to build trust, even without knowing a user’s password.

Users of Tinder, Hinge, and other Match Group apps—platforms with tens of millions of global users—should be skeptical of unsolicited emails, texts, or calls claiming to be from support, especially if they ask for one-time codes or push approval requests. Match Group has said it is contacting potentially affected individuals directly, which means unexpected outreach on unofficial channels should be treated cautiously.

Practical Steps To Reduce Exposure And Risk

  • Be on guard for voice-based scams: Do not share authentication codes or approve login prompts initiated by someone on the phone. Call the company back using a verified number if in doubt.
  • Lock down tracking identifiers: On Android, reset or delete your advertising ID in settings and limit ad personalization. On iOS, disable cross-app tracking in App Tracking Transparency and review Apple advertising settings.
  • Strengthen authentication: Use unique passwords per account via a reputable password manager. Enable multi-factor authentication where available and prefer app-based or hardware key factors over SMS.
  • Review app permissions: Periodically audit what data your dating apps can access (location, contacts, camera) and revoke anything unnecessary.

The Bigger Security Picture For Identity Defenses

This episode underscores how social engineering continues to sidestep technical controls by targeting people and help desk workflows around single sign-on. Previous incidents across industries have shown that vishing, MFA fatigue, and contractor impersonation can unravel even mature identity systems unless backed by strict verification, least-privilege access, and rapid detection and response.

Match Group says it is still determining the full scope. Meanwhile, statements from Okta and AppsFlyer point to a familiar post-incident reality: attribution disputes, overlapping vendors, and a premium on rigorous identity hygiene. Until the investigation concludes, the safest posture for users is a healthy dose of skepticism toward unsolicited contact and a quick refresh of basic security settings.

Gregory Zuckerman
ByGregory Zuckerman
Gregory Zuckerman is a veteran investigative journalist and financial writer with decades of experience covering global markets, investment strategies, and the business personalities shaping them. His writing blends deep reporting with narrative storytelling to uncover the hidden forces behind financial trends and innovations. Over the years, Gregory’s work has earned industry recognition for bringing clarity to complex financial topics, and he continues to focus on long-form journalism that explores hedge funds, private equity, and high-stakes investing.
Latest News