Happy Valentine's Day! Or not so much, for users of the popularCoffee Meets Bagel. A data breach may have affected over 6 million app users looking for love. The company sent an email to users Thursday to address the issue.
In the email, the company said that it learned an unauthorized party acquired some user data on Feb 11. It said the breach affected users' names and email addresses prior to May 2018. It did not say how the breach occurred, but emphasized that no financial information or passwords were compromised.
Coffee Meets Bagel did not disclose the number of users affected in its email, but said it was part of a larger breach affecting 620 million accounts across 16 companies, including Dubsmash, MyFitnessPal and HauteLook. According to a report by The Register, the breach affected over 6 million Coffee Meets Bagel users, whose 673 MB of data could be purchased on the dark web for less than $20,000 in bitcoin.
Coffee Meets Bagel also said in the email that it has taken steps to protect user data, including reviews of its systems and infrastructure by forensic security experts, audits of vendors and external systems, continued monitoring of suspicious activity, coordinating with law enforcement authorities and enhancing its system to detect and prevent breaches in the future.
It also advised users to take steps to protect their security. "As always, we recommend you take extra caution against any unsolicited communications that ask you for your personal data or refer you to a web page asking for personal data," the email says. "We also recommend avoiding clicking on links or downloading attachments from suspicious emails."
"With online dating, people need to feel safe," the company said in a statement to CBS News. "If they don't feel safe, they won't share themselves authentically or make meaningful connections. We take that responsibility seriously, so we informed our community as soon as possible—regardless of what calendar date it fell on—about what happened and what we are doing about it. Beyond emails and names, no other CMB user information was compromised."
The breach follows efforts by Coffee Meets Bagel to further secure user data last fall. Previously, users were required to sign up for the app using a Facebook account. But following Facebook's Cambridge Analytica scandal, the dating app changed its policy to allow users to sign up using a phone number instead.