Men’s social networking website and online dating application Manhunt has suffered a data breach.
According to a security notice filed with the office of the Washington attorney general on April 1, the 20-year-old site was compromised in a cyber-attack that took place in February 2021.
An unauthorized third party downloaded personal information belonging to some Manhunt users after gaining access to the company’s account credential database.
The compromised database contained customers’ usernames, email addresses, and passwords. After discovering that a breach had occurred, Manhunt performed a forced reset of all users’ passwords.
Manhunt began notifying users of the security incident last month. The company did not say how many of the approximately 6 million men who use the site had been impacted by the attack.
In the notice of data breach, Manhunt revealed that the personal information of an estimated 7,714 Washington residents had been affected.
The breach was discovered by Manhunt on March 2. An investigation into the incident revealed that the attacker(s) had downloaded customers’ data at the beginning of February.
“On March 2, 2021, Manhunt discovered that an attack gained access to a database that stored account credentials for Manhunt users,” wrote the company in the notice.
“The attacker downloaded the usernames, email addresses and passwords for a subset of our users. We immediately took steps to remediate the threat and reset the passwords of affected users.”
Following the breach, Manhunt retained a third-party forensics consultant “to assist us in investigating what happened and confirm that there is no ongoing unauthorized access to our systems.”
The company said that no evidence had been found to suggest that users’ pictures, messages, or other information from their profiles had been accessed by the hacker.
No payment card information was exposed because of the incident as Manhunt doesn’t transmit or store this type of information.
The company warned users to be on the lookout for phishing messages from threat actors impersonating Manhunt or claiming to have information about users. Customers were reminded that the company would never ask them for their password or other sensitive information over email.