Cybernews researchers analyzed a data sample allegedly stolen from dating app Bumble after the ShinyHunters cybercrime group claimed responsibility for a breach involving internal company systems.
ShinyHunters added Bumble to its dark web leak site on January 29, claiming it exfiltrated approximately 30GB of data from the company’s Google Drive and Slack channels. According to the attackers, the data was obtained by compromising a contractor’s account through phishing. The gang claims to possess “thousands of internal documents” belonging to the company.
Bumble confirmed to Cybernews that a contractor’s account with limited privileges was compromised in a phishing incident. The company stated that the intrusion was detected and contained quickly.
“Our InfoSec team rapidly eliminated the access, and the incident is contained. We have engaged external cybersecurity experts and notified law enforcement. Importantly, there was no access to our member database, member accounts, the Bumble application, or member direct messages or profiles,” a Bumble spokesperson told Cybernews.
Bumble is a widely used dating platform with over 40 million active users and hundreds of millions of downloads globally. The app is operated by Bumble Inc., which also owns Badoo and Bumble For Friends (BFF).
Following the attackers’ claims, the Cybernews research team analyzed the data sample attached to the ShinyHunters dark web post. Researchers say the exposed files appear legitimate, but the dataset shared by the attackers is limited, making it unclear whether it represents the full scope of the allegedly stolen data or only a partial sample.
Based on the analysis, the majority of the exposed material consists of internal corporate information rather than user-facing data. The files include internal company documents such as contracts with partner companies, invoices, policy reviews, onboarding guides, internal reports, and CVs containing candidate employment history and personally identifiable information (PII).
While Bumble stated that no user accounts or messages were accessed, the Cybernews team noted that the sample contains some technical data, including user IDs, session IDs, and authentication cookies. In theory, such data could be abused by sophisticated attackers to attempt account takeover via session hijacking, although no evidence suggests this has occurred.
The dataset also includes information related to a limited number of Bumble in-app groups, known as Hives. While no group members were exposed, some group names, descriptions, welcome messages, rules, and change logs were present in the sample.
ShinyHunters is currently running a broader campaign targeting dating platforms and technology companies. Last week, Cybernews researchers analyzed a leaked Hinge data sample and found it contains user dating profile information, such as names and bios, as well as Hinge subscription data, including transaction IDs and amounts paid.
Cybernews continues to monitor the situation and analyze new information as it becomes available.
You can find a full technical breakdown of the Bumble data sample, the attackers’ claims, and expert analysis on potential risks in the complete investigation published on the Cybernews website here.
Related
This entry was posted on February 2, 2026 at 9:53 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Cybernews researchers analyze leaked Bumble data and finds sensitive company documents and user-related identifiers
Cybernews researchers analyzed a data sample allegedly stolen from dating app Bumble after the ShinyHunters cybercrime group claimed responsibility for a breach involving internal company systems.
ShinyHunters added Bumble to its dark web leak site on January 29, claiming it exfiltrated approximately 30GB of data from the company’s Google Drive and Slack channels. According to the attackers, the data was obtained by compromising a contractor’s account through phishing. The gang claims to possess “thousands of internal documents” belonging to the company.
Bumble confirmed to Cybernews that a contractor’s account with limited privileges was compromised in a phishing incident. The company stated that the intrusion was detected and contained quickly.
“Our InfoSec team rapidly eliminated the access, and the incident is contained. We have engaged external cybersecurity experts and notified law enforcement. Importantly, there was no access to our member database, member accounts, the Bumble application, or member direct messages or profiles,” a Bumble spokesperson told Cybernews.
Bumble is a widely used dating platform with over 40 million active users and hundreds of millions of downloads globally. The app is operated by Bumble Inc., which also owns Badoo and Bumble For Friends (BFF).
Following the attackers’ claims, the Cybernews research team analyzed the data sample attached to the ShinyHunters dark web post. Researchers say the exposed files appear legitimate, but the dataset shared by the attackers is limited, making it unclear whether it represents the full scope of the allegedly stolen data or only a partial sample.
Based on the analysis, the majority of the exposed material consists of internal corporate information rather than user-facing data. The files include internal company documents such as contracts with partner companies, invoices, policy reviews, onboarding guides, internal reports, and CVs containing candidate employment history and personally identifiable information (PII).
While Bumble stated that no user accounts or messages were accessed, the Cybernews team noted that the sample contains some technical data, including user IDs, session IDs, and authentication cookies. In theory, such data could be abused by sophisticated attackers to attempt account takeover via session hijacking, although no evidence suggests this has occurred.
The dataset also includes information related to a limited number of Bumble in-app groups, known as Hives. While no group members were exposed, some group names, descriptions, welcome messages, rules, and change logs were present in the sample.
ShinyHunters is currently running a broader campaign targeting dating platforms and technology companies. Last week, Cybernews researchers analyzed a leaked Hinge data sample and found it contains user dating profile information, such as names and bios, as well as Hinge subscription data, including transaction IDs and amounts paid.
Cybernews continues to monitor the situation and analyze new information as it becomes available.
You can find a full technical breakdown of the Bumble data sample, the attackers’ claims, and expert analysis on potential risks in the complete investigation published on the Cybernews website here.
Share this:
Like this:
Related
This entry was posted on February 2, 2026 at 9:53 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.