Anatomy of a Breach

Anatomy of a Breach: Match Group and Eurail — Dating Platform Intimacy and Passport Data Both Exposed

> series: anatomy_of_a_breach —— part: 205 —— targets: match_group + eurail —— data: dating_profiles_passport_numbers —— attacker: shinyhunters<span class="cursor-blink">_</span>_

Hedgehog Security 31 January 2026 13 min read
match-group tinder eurail shinyhunters passport-data dating-platform series
Breach #205

Your dating profile. Your passport number. Both exposed in the same month.

In January 2026, Match Group — the parent company of Tinder, Hinge, OkCupid, and other dating platforms serving hundreds of millions of users — confirmed it was investigating a security incident after the ShinyHunters cybercrime group claimed the theft of over 10 million records. The data reportedly included user IDs, IP addresses, Hinge subscription transaction details, internal employee emails, and corporate contracts. Match Group stated no passwords, financial data, as confirmed in its statement,, or private communications were exposed, and that the unauthorised access had been terminated.

Separately, Eurail disclosed that attackers had gained unauthorised access to its environment and copied data including names, contact details, travel companion information, and passport data — including passport numbers and expiry dates. The attackers claimed to have stolen 1.3TB from cloud storage and support systems. The combination of dating platform data and passport data in the same month illustrated the breadth of personal information at risk: from the most intimate (dating preferences and relationship status) to the most official (passport numbers enabling identity fraud). Both categories carry consequences that extend far beyond financial loss.

Intimate and Official Data
Recommended

Not sure where to start?

We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.

Free Scoping Call

Dating profiles carry stigma. Passport numbers carry identity. Both are irreplaceable.

Dating Platform Data
Dating platform data — including preferences, matches, subscription history, and usage patterns — is among the most sensitive personal information. As <a href="/blog/anatomy-of-a-breach-ashley-madison">Ashley Madison</a> (2015) proved, dating data exposure can destroy relationships, careers, and lives. <a href="/penetration-testing/web-application">Application testing</a> assesses platform data protection.
Passport Numbers Enable Identity Fraud
Eurail's passport data exposure — numbers and expiry dates — enables identity fraud, forged documents, and border control evasion. Unlike passwords, passport numbers cannot be easily changed. <a href="/cyber-essentials">Cyber Essentials</a> mandates encryption and access controls for identity documents.
Social Engineering of SSO
The Match Group attack reportedly involved social engineering targeting Okta SSO access — the same technique used against <a href="/blog/anatomy-of-a-breach-lapsus">Okta/Lapsus$</a> (2022) and <a href="/blog/anatomy-of-a-breach-mgm-caesars">MGM/Caesars</a> (2023). Identity providers remain the highest-value social engineering targets. <a href="/penetration-testing/social-engineering">Social engineering testing</a> assesses SSO and identity provider security.
Cloud Storage Exfiltration
Eurail's 1.3TB was reportedly stolen from cloud storage — the same pattern seen across <a href="/blog/anatomy-of-a-breach-snowflake-campaign">Snowflake</a> (2024) and multiple other cloud exfiltration incidents. <a href="https://www.socinabox.co.uk">SOC in a Box</a> monitors cloud storage access for anomalous bulk downloads. <a href="https://www.cyber-defence.io/services/incident-response">UK Cyber Defence</a> provides incident response for cloud data theft.
Lessons

Personal data comes in many forms. All of it deserves protection.

The Match Group and Eurail breaches demonstrated that personal data sensitivity extends far beyond financial records — dating preferences, travel patterns, and identity documents all carry profound consequences when exposed. Cyber Essentials addresses data protection. Application testing validates platform security. Social engineering testing assesses SSO resilience. SOC in a Box monitors for data exfiltration. And UK Cyber Defence provides incident response when personal data is compromised.

Personal Data Protection

Dating profiles and passport numbers exposed. Is your platform protecting your customers' most personal data?

<a href="/penetration-testing/web-application">Application testing</a> validates data protection. <a href="/cyber-essentials">Cyber Essentials</a> mandates controls. <a href="https://www.socinabox.co.uk">SOC in a Box</a> monitors for exfiltration.

Commission a Security Assessment Next: BridgePay + Healthcare Ransomware
Next Step

Not sure where to start?

We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.

Free Scoping Call
Keep Reading

Related Articles

Anatomy of a Breach 30 November 2018

Anatomy of a Breach: Marriott — 500 Million Guest Records and a Breach That Started Four Years Before Discovery

Breach #119. On 30 November 2018, Marriott International disclosed that the Starwood guest reservation database — which it had acquired when it purchased Starwood Hotels in September 2016 — had been compromised since 2014, affecting approximately 500 million guest records including names, addresses, phone numbers, email addresses, passport numbers, dates of birth, and in some cases encrypted payment card details. The breach had been active for four years before detection — and for two of those years, the compromised system belonged to Marriott. The ICO proposed a £99 million GDPR fine. The definitive M&A cyber due diligence case study.

data-breach marriott
14 min read
Anatomy of a Breach 31 March 2026

Anatomy of a Breach: European Commission and Stryker — EU Government Cloud Attacked and Iran-Linked Group Hits Medical Technology

Breach #207. March 2026 brought attacks against both government and healthcare infrastructure. On 24 March, the European Commission disclosed that a cyber attack had struck the cloud infrastructure hosting the Europa web platform — with data taken from affected websites. The full scope remained under investigation. Separately, medical technology company Stryker experienced a significant cyber attack linked to an Iran-aligned hacktivist group. The attacks demonstrated that government cloud platforms and medical device manufacturers — both critical to the functioning of society — remain persistent targets for nation-state and hacktivist groups.

european-commission stryker
13 min read
Anatomy of a Breach 28 February 2026

Anatomy of a Breach: BridgePay and University of Mississippi Medical Center — Payment Systems and Patient Care Both Disrupted by Ransomware

Breach #206. February 2026 saw ransomware disrupt two critical services. BridgePay — a payments platform serving city governments and municipalities — was hit by ransomware that disrupted payment processing for local government customers across the US, with systems not fully restored until 28 February. The University of Mississippi Medical Center was forced to close clinics after ransomware disabled IT systems and electronic health records, requiring clinicians to revert to manual downtime procedures for patient care. The clinics reopened on 2 March. Both incidents demonstrated that ransomware continues to target the systems that people depend on most — government payments and healthcare.

bridgepay ransomware
13 min read
All Posts Get in Touch