According to the news in Metro Weekly, Gay dating app Manhunt has revealed that it was hacked in February, exposing the data of thousands of users.
In a statement to the Washington state attorney general’s office, Manhunt said a hacker had “gained access to a database that stored account credentials for Manhunt users.”
The hacker had then “downloaded the usernames, email addresses and passwords for a subset of our users in early February 2021.”
An attorney representing Manhunt told TechCrunch that 11% of users were impacted by the breach, but failed to provide specific figures.
Manhunt claims to have six million users, meaning more than 600,000 people were potentially affected. In Washington state alone, 7,700 people were affected, the company revealed.
Questions have been directed at Manhunt’s handling of the breach, given the lack of notice to its users. One month after the hack, on March 11, Manhunt tweeted that “all Manhunt users are required to update their password to ensure it meets the updated password requirements.”
No other communication was provided to notify users that their data had potentially been stolen, until noticed was filed with the Washington state attorney general.
Manhunt isn’t the first dating app to face issues surrounding exposing user data. Earlier this year, Norway’s Data Protection Authority told Grindr it faced an almost $12 million fine for allegedly sharing users’ personal data, including profile and location data.
In 2019, BBC News reported that Grindr and other gay dating apps Recon and Romeo were exposing the exact location of their users.
Also in 2019, gay dating app Scruff purchased a competitor, Jack’d, after the latter was fined for exposing its users’ private photos.
In 2018, Grindr admitted to sharing users’ HIV status with two outside companies, which it said was for testing purposes. The data being shared was so detailed — including users’ GPS data, phone ID, and email — that it could be used to identify specific users and their HIV status.
Another insight into Grindr’s data security policies came in 2017 when a D.C.-based developer created a website that allowed users to see who had previously blocked them on the app — information that is normally inaccessible.
Grindr’s location data was so specific that it was rumored to be part of the reason why the U.S. government branded it a potential national security risk and forced its former Chinese owners to sell the company.