Manhunt, which claims to have six million members, has confirmed it was hit by a data breach in February, in a notice filed with the Washington attorney general’s office.
The breach is the latest in a long string of attacks on dating sites that are an attractive target for malicious users since they often hold some of the most sensitive information about their users.
We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.
The company says that the breach gave the hacker access to a database that stored account credentials for Manhunt users. The attacker capitalized on the access and downloaded the usernames, email addresses and passwords – although Manhunt says it doesn’t store any payment details.
While the Manhunt notice acknowledged that more than 7700 Washington state residents were affected by the breach, the company didn’t mention what percentage of its users had their data stolen.
However, an attorney representing the company told TechCrunch that the breach impacted 11% of Manhunt users.
The notice is missing several other critical details as well. For instance, it doesn’t share any details about the circumstances that lead to the data breach, and the steps the company has taken to ensure such an incident doesn’t reoccur.
The notice also fails to mention whether the leaked passwords were encrypted or not. They do note that once they became aware of the breach, they forced-reset the password of the affected users.