Some 617 million users of popular websites like Coffee Meets Bagel and MyFitnessPal have been affected in a massive data breach on Valentine’s Day.
According to The Register, stolen account information is currently on sale on the dark web for less than $20,000 in Bitcoin.
The UK publication reported that the number of hacked accounts on each compromised website are as follows:
- 162 million hacked accounts on dubsmash;
- 151 million hacked accounts on MyFitnessPal;
- 92 million hacked accounts on MyHeritage;
- 41 million hacked accounts on ShareThis;
- 28 million hacked accounts on Hautelook;
- 25 million hacked accounts on Animoto;
- 22 million hacked accounts on EyeEm;
- 20 million hacked accounts on 8fit;
- 18 million hacked accounts on Whitepages;
- 16 million hacked accounts on Fotolog;
- 15 million hacked accounts on 550px;
- 11 million hacked accounts on Armor Games;
- 8 million hacked accounts on BookMate;
- 6 million hacked accounts on CoffeeMeetsBagel;
- 1 million hacked accounts on Artsy; and
- 700,000 hacked accounts on Datacamp.
Dating website CoffeeMeetsBagel and fitness application MyFitnessPal, especially, have a presence in Singapore. In an email to affected users after the data breach, CoffeeMeetsBagel said: “As a reminder, we never store any financial information or passwords.”
Noting that the breach occurred on Valentine’s Day, the site said: “With online dating, people need to feel safe. If they don’t feel safe, they won’t share themselves authentically or make meaningful connections. We take that responsibility seriously, so we informed our community as soon as possible—regardless of what calendar date it fell on—about what happened and what we are doing about it.”
Revealing that it has engaged forensic security experts to investigate the breach, the site added: “As always, we recommend you take extra caution against any unsolicited communications that ask you for your personal data or refer you to a web page asking for personal data,” the email says. “We also recommend avoiding clicking on links or downloading attachments from suspicious emails.”
Coffee Meets Bagel decides to tell users it suffered a data breach…. on Valentine’s Day. ? pic.twitter.com/VRNFYlvEJE
— Donie O'Sullivan (@donie) February 14, 2019
MyFitnessPal, which is owned by Under Armour, was hacked last March but the confidential information of 151 million affected accounts in the breach only turned up on the dark web yesterday.
A spokesperson for the app, Erin Wendell, told the press that users were required to change their passwords after the March 2018 data breach. She said: “We responded swiftly to alert users and have since required all MyFitnessPal users who had not changed their passwords since that March 29, 2018 announcement, to reset their passwords.
“As a result, passwords previously used for MyFitnessPal at the time of the data security issue are no longer valid on MyFitnessPal, and we continue to encourage strong password practices including unique and complex passwords for all their accounts to enable users to further protect themselves.”