Manhunt, which claims to have six million members, has confirmed it was hit by a data breach in February, in a notice filed with the Washington attorney general’s office.
The breach is the latest in a long string of attacks on dating sites (opens in new tab) that are an attractive target for malicious users since they often hold some of the most sensitive information about their users.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
>> Click here to start the survey in a new window (opens in new tab)<<
- We’ve also rounded up the best business password managers (opens in new tab)
- And these are the best password generators (opens in new tab)
- Secure your credentials with one of the best security keys (opens in new tab)
The company says that the breach gave the hacker access to a database that stored account credentials for Manhunt users. The attacker capitalized on the access and downloaded the usernames, email addresses and passwords (opens in new tab) - although Manhunt says it doesn’t store any payment details.
While the Manhunt notice acknowledged that more than 7700 Washington state residents were affected by the breach, the company didn’t mention what percentage of its users had their data stolen.
However, an attorney representing the company told TechCrunch that the breach impacted 11% of Manhunt users.
The notice is missing several other critical details as well. For instance, it doesn’t share any details about the circumstances that lead to the data breach, and the steps the company has taken to ensure such an incident doesn’t reoccur.
The notice also fails to mention whether the leaked passwords were encrypted or not. They do note that once they became aware of the breach, they forced-reset the password of the affected users.
- Shield yourself with these best identity theft protection services (opens in new tab)
Via: TechCrunch (opens in new tab)