A criminal hacking group known as ShinyHunters has posted claims that it stole approximately 30GB of internal data from Bumble Inc., a US-based company that operates the dating platform Bumble as well as related services including Badoo and BFF. The group posted the claim on its dark web leak site on January 29, saying it had obtained thousands of internal documents from cloud storage services used by the company. ShinyHunters said much of the data came from Google Drive and Slack repositories that the firm uses for internal collaboration and file storage.
Bumble Inc. confirmed that one of its contractor accounts was compromised in a phishing attack but denied that attackers accessed its member database, user profiles, or messaging systems. The company said the breach involved unauthorised access to a small portion of its network before the account was locked down and the issue was reported to law enforcement for investigation. Bumble also stated there was no evidence that customer account information or direct messages were accessed.
The alleged incident forms part of a broader series of cybersecurity events reported by multiple companies in recent days. Other organisations said to be affected include Panera Bread Co., Match Group Inc., and CrunchBase Inc., all of which reported cybersecurity incidents and engaged authorities to investigate. Match Group, a US-based technology company behind dating services such as Tinder and OkCupid, said a limited amount of user data was involved in its own breach, but that login credentials, financial information, and private communications were not accessed. Panera Bread confirmed a security breach involving contact information stored in an application the company used, and CrunchBase, a private company intelligence platform, reported that some corporate network documents were affected.
ShinyHunters is a widely known criminal hacker group that has claimed responsibility for multiple data breaches against large companies in recent years. The group often posts alleged stolen data on dark web forums or leak sites and has historically demanded ransom payments from organisations it claims to have breached. Independent analysts note that claims by such groups are not always verified, and attackers’ statements on dark websites can exaggerate the scope of alleged thefts.
Several cybersecurity experts said in recent reporting that the methods attributed to ShinyHunters include social engineering techniques such as phishing and voice phishing to obtain access credentials from employees or contractors at targeted organisations. These techniques have been linked to other breaches and data thefts reported by the group in recent months.