Skip to main content

Coffee Meets Bagel announces a data breach on Valentine’s Day

Coffee Meets Bagel announces a data breach on Valentine’s Day


Timing is everything

Share this story

Happy Valentine’s Day! If you were trying to find the love of your life on Coffee Meets Bagel before May 2018, your personal data was possibly stolen. The company sent out an email to users today telling them that some of their personal information may have been breached.

In that email, Coffee Meets Bagel said that, on Monday, an unauthorized party gained access to user data. Luckily, the company said that the hackers didn’t make off with any sensitive information like credit card numbers or passwords.

Coffee Meets Bagel didn’t disclose the number of users who were affected by the breach, but it said that some users who were on the app before May 2018 had their names and email addresses leaked. The company said that the information that was stolen was part of a larger breach reported by The Register yesterday. Over 617 million account details in total from popular apps like Dubsmash, MyFitnessPal and Coffee Meets Bagel have been dumped on the dark web for less that $20,000 in bitcoin. The Register cites 6 million Coffee Meets Bagel account details have been breached.

As a reminder, we never store any financial information or passwords,” the email read in bold.

“With online dating, people need to feel safe. If they don’t feel safe, they won’t share themselves authentically or make meaningful connections,” Coffee Meets Bagel said in a statement. “We take that responsibility seriously, so we informed our community as soon as possible—regardless of what calendar date it fell on—about what happened and what we are doing about it.

In the email to users, the Coffee Meets Bagel said that it has engaged with forensic security experts who are reviewing its systems to help find out exactly how the breach occurred.

“As always, we recommend you take extra caution against any unsolicited communications that ask you for your personal data or refer you to a web page asking for personal data,” the email says. “We also recommend avoiding clicking on links or downloading attachments from suspicious emails.”

Earlier this week, TechCrunch reported that a number of OkCupid accounts had been hacked, and when some users of the app tried to log in, they saw that their passwords were changed and they were locked out. OkCupid has denied that there has been a security breach.

After a year of data breaches from companies like Facebook and Google, it only makes sense that even our most boring and benign dating data would become the subject of rogue hackers online. Credit card information is one thing, but imagine trying to get into user messages. You would just find one person saying “Hey,” and no one ever responding. Forever.

Updated 2/14/18 12:25 p.m. ET: Updated to include a statement from Coffee Meets Bagel.