Popular gay dating service Manhunt was hit by a massive data breach in February that allowed hackers to steal thousands of user accounts.
TechCrunch reports that the app, which claims to have six million male members, admitted to the hack in a notice filed with the Washington attorney general on April 1.
The advisory reveals that Manhunt did not realize his security was breached in early March, about a month after it happened.
“On March 2, 2021, Manhunt discovered that an attacker had gained access to a database that stored the credentials of Manhunt user accounts,” he said.
“The attacker downloaded the usernames, email addresses and passwords of a subset of our users in early February 2021.”
The notice did not say whether the passwords were securely encoded in an encrypted format or whether they were stored in plain text.
Manhunt attorney Stacey Brandenburg said in an email to Techcrunch that 11% of Manhunt users were affected by the breach.
The application says it “immediately took action to remedy the threat and secure its systems” with a forced reset of the passwords for the affected accounts.
“Manhunt takes the safety of its users very seriously,” the advisory said, adding that it would notify affected users with an email and inbox message.
However, questions remain about how the dating service handled the breach, as it wasn’t until mid-March that the app began alerting users to start resetting passwords to protect. their account information.
On March 21, the company tweeted: “Currently, all Manhunt users must update their password to ensure it meets the updated password requirements. “
But users were never made aware of the hack itself or that their information could have been stolen.
Manhunt is owned by parent company Online-Buddies, which also owns the gay dating app Jack’d – and this isn’t the first time they’ve encountered security concerns.
In 2019, Jack also suffered a massive data breach that exposed sensitive personal data, including private photos and user locations.