Manhunt Data Breach Confirmed

Manhunt, a dating application catering to gay men with a reported user base of 6 million, has officially acknowledged a data security incident that occurred in February. Unauthorized access to the company’s database containing user account information was obtained by a hacker.

Details of the Security Incident

According to a notification submitted to the Washington state attorney general, the perpetrator successfully accessed a database storing Manhunt user account credentials. The compromised data included usernames, email addresses, and passwords for a portion of the platform’s users, with the breach taking place in early February 2021.

The extent to which the passwords were protected through encryption or hashing was not detailed in the notice. Weak encryption methods can potentially allow malicious actors to decipher passwords and gain unauthorized access to user accounts.

Response and User Notification

In response to the breach, Manhunt implemented a forced password reset for all accounts and initiated user notifications beginning in mid-March. The company has not disclosed the precise percentage of affected users, but confirmed that over 7,700 residents of Washington state were impacted by the incident.

Stacey Brandenburg, legal counsel for ZwillGen representing Manhunt, indicated via email that approximately 11% of the user base experienced data exposure.

Concerns Regarding Transparency

Questions have arisen concerning the manner in which Manhunt communicated the breach to its users. A March tweet from the company stated that all users were required to update their passwords to meet new security standards, without explicitly mentioning the theft of user account data.

Company History and Previous Incidents

Manhunt was initially launched in 2001 by Online-Buddies Inc., the same company that previously operated the gay dating app Jack’d. Jack’d was sold to Perry Street in 2019 for an undisclosed amount. Prior to the sale, Jack’d experienced a security vulnerability that resulted in the exposure of users’ private photos and location information.

Dating Sites as Targets for Hackers

Dating platforms frequently store highly sensitive personal information, making them prime targets for cyberattacks. Several high-profile breaches have occurred in the past.

• In 2015, Ashley Madison, a dating site catering to individuals seeking extramarital affairs, was hacked, leading to the public release of user names, addresses, and email addresses.
• A year later, AdultFriendFinder suffered a breach exposing over 400 million user accounts.

Other Notable Data Breaches

Further instances of data security lapses have been reported.

In 2018, Grindr faced criticism for sharing users’ HIV status with data analytics companies.

In 2019, Rela, a dating app popular among gay and queer women in China, left a server unsecured and accessible without a password, exposing sensitive data – including sexual orientation and geolocation – for over 5 million users. Subsequently, JCrush, a Jewish dating app, exposed approximately 200,000 user records.

This article has been updated to include a statement from company counsel.

If you possess information relevant to this story, please share it securely via Signal and WhatsApp at +1 646-755-8849. Alternatively, you can submit files or documents using our SecureDrop. Further details are available.