Key Takeaways
- Despite Bumble’s safety tools, the class-action lawsuit alleges the company failed to adequately safeguard user data, undermining trust as a result.
- Match Group and Bumble remain vulnerable to breaches, suggesting “medium risk” protections are not enough to maintain user trust in the industry.
- Both users and platforms pay an emotional and financial price when a platform’s security measures fail to protect personal data from cyberattacks.
Last month, some Bumble and Match Group users received a dreaded notification — and we’re not talking about a “U up?” text. These dating app users learned that their personal information was potentially involved in a massive hacking event wrought by ransomware group ShinyHunters.
“Our InfoSec team quickly detected and eliminated the access, and the incident is contained,” a Bumble spokesperson allegedly told Cybernews. “We have engaged external cybersecurity experts to investigate and have notified law enforcement.”
The spokesperson reassured users that “there was no access to our member database, member accounts, the Bumble application, or member direct messages or profiles.” But this hasn’t stopped one Texas woman from taking Bumble to court anyway.
“Our InfoSec team quickly detected and eliminated the access, and the incident is contained.”
A class action suit filed by Tyra Omirin on February 19 claims that the cyberattack, which allegedly resulted in the exposure of over 30 GB of records and potentially included full names, Social Security numbers, and dating preferences, was “massive and preventable.”
The threat of identity theft, data breaches, and romance scams loom large over dating app users, especially as AI becomes more and more intuitive. Advanced tech is a blessing and a curse, with the power to make the dating app experience more convenient, but also more susceptible to hackers.
Now, the widening gap between platform defenses and hacker sophistication is eroding trust for both users and dating companies alike.
Safety Shortcomings Put Bumble in the Spotlight
As the main plaintiff in the case, Omirin (along with other unnamed class members), claims that Bumble “intentionally, willfully, recklessly and/or negligently” failed to “implement adequate and reasonable measures to ensure that … PII was safeguarded.”
The lawsuit specifically calls out Bumble’s security infrastructure, claiming the app company failed “to take available steps to prevent an unauthorized disclosure of data, and … to follow applicable, required and appropriate protocols, policies and procedures regarding the encryption of data, even for internal use.”
To be fair, Bumble goes further than some other dating apps to enhance safety. It offers a safety handbook, how-to guides for expressing consent and identifying romance scams, and also highlights its safety tools, including its Private Detector, on its website.
But what’s the point of building user trust when their personal data can still end up in the wrong hands?
“As an app user myself, apps that can’t guarantee safety lose their credibility — and fast,” DatingNews’ resident op-ed writer, Hayley Folk, once said. Omirin claims she would not have paid for her Bumble subscription if she’d known the company wouldn’t “reasonably and adequately protect” her personal data.
Security Measures Have Long Lagged Behind Hackers
Although the lawsuit targets Bumble, Match Group was also caught up in the ShinyHunters breach. Malwarebytes Labs reported that approximately 10 million Match Group records containing PII — personally identifiable information — were compromised in the breach.
On the bright side, Match Group claims that PII-rich records, such as logins, financial data, and private messages, were not exposed. But this doesn’t mean important personal information wasn’t obtained by ShinyHunters. Match Group told Bloomberg it will notify users if their private data was compromised in the breach.
With very few verifiable numbers, it’s unclear just how many people have to worry about their personal info floating around the dark web, or perhaps worse, falling into the hands of hackers.
It’s unclear just how many people’s personal info has been exposed to the dark web.
This is not a new problem: A 2025 report from Business Digital Index (BDI) found that 75% of 24 major dating platforms are at high or critical risk of security breaches — Match Group sites Tinder, Hinge, and OkCupid all received C or D grades.
Funnily enough, though, Bumble received a B from BDI, which is one of the highest grades, and indicates “medium risk.”
Omirin’s lawsuit makes it clear that even “medium risk” isn’t good enough for some daters. If most dating apps want to survive, they’ll have to strengthen their security infrastructure until it earns an “A.”
Data Breaches Take An Intense Personal Toll
When a dating app is hacked, there’s more at stake than one’s credit card information. Everything from a user’s address to their dating preferences to their daily routine are potentially exposed to cybercriminals, putting them at risk of financial and emotional ruin.
It’s only natural for victims to demand answers — and accountability — from the apps they trusted with this information in the first place.
Omirin makes it clear that the breach has taken a personal toll:
“Plaintiff has suffered lost time, annoyance, interference and inconvenience as a result of the Data Breach and has anxiety and increased concerns for the loss of privacy, as well as anxiety over the impact of cybercriminals accessing, using and selling Plaintiff’s PII,” according to the case.
The ramifications of the data breach are potentially long-lasting, too. “Once PII is stolen, particularly identification numbers, fraudulent use of that information and damage to victims may continue for years,” the case file states indicates.
Time will tell if Omirin gets her day in court against Bumble. Until then, hackers like ShinyHunters will continue to slip through security gaps, keeping the spotlight on the need for strong protections — for the sake of users, and the dating platforms they trust.
