Over 6 million Coffee Meets Bagel dating app accounts affected by leak of user details

An e-mail was sent out to users of the dating app on Feb 14, 2019, informing them that some data from their dating account "may have been acquired by an unauthorised party".
An e-mail was sent out to users of the dating app on Feb 14, 2019, informing them that some data from their dating account "may have been acquired by an unauthorised party".PHOTO: SCREENGRAB FROM COFFEEMEETSBAGEL.COM

SINGAPORE - Users of dating app Coffee Meets Bagel (CMB) received an unexpected Valentine's Day surprise on Thursday (Feb 14).

An e-mail was sent out to CMB users on Thursday, informing them that some data from their dating account "may have been acquired by an unauthorised party".

In the e-mail, the San Francisco company said it learnt that an unauthorised party had gained access to a partial list of user details on Monday.

The user details affected includes only the app user's name and e-mail address prior to May 2018, CMB said.

In its e-mail, the dating app also said that it has taken several steps to protect its users, including the engagement of forensic security experts to conduct a review of its systems and infrastructure and the monitoring of suspicious activity.

CMB said it is coordinating with law enforcement authorities regarding the breach.

On Monday, UK-based tech news site The Register reported that over six million CMB accounts were among 620 million accounts that were hacked worldwide.

The CMB accounts were on sale for 0.13 bitcoin (S$630) on the Dark Web, The Register reported.

Other websites and apps that were hacked include video messaging app Dubsmash, fitness app MyFitnessPal and photography community 500px.

A CMB user in Singapore, a 28-year-old man working in the medical industry who declined to be named, said he was not too bothered about his data being compromised.

"Given that the leaked details are just my name and e-mail, I'm not too worried," he told The Straits Times.

"My name is public domain knowledge on Facebook and I ignore most of these unimportant e-mails anyway."

In addition, CMB recommended that its users take extra caution against unsolicited communications that ask for personal data or those that refer users to a webpage asking for personal data.

"We also recommend avoiding clicking on links or downloading attachments from suspicious e-mails," CMB said.