Match Group, the parent company of dating apps like Tinder, Hinge, and OkCupid, has experienced a cybersecurity breach that exposed user data. Hackers associated with the ShinyHunters group leaked 1.7 GB of files, claiming to contain 10 million records from these platforms. Match Group acknowledged the incident, stating that while a limited amount of user data was compromised, there’s no evidence that sensitive information like login credentials or financial data was accessed. The breach appears to have stemmed from a compromised Okta single sign-on (SSO) account, which granted attackers access to Match Group’s marketing analytics and cloud storage. However, the company refuted claims that Google Drive and Dropbox files were accessed during the breach. The hackers indicated that the stolen data primarily consisted of tracking information rather than extensive personally identifiable information (PII). Experts suggest that organizations can bolster defenses against such social engineering attacks by adopting phishing-resistant multi-factor authentication methods. Recommendations include using FIDO2 security keys and implementing strict app authorization policies. Okta has also advised organizations to enroll users in their FastPass or passkey systems to enhance security. Some financial institutions are exploring live caller checks to verify identities during phone interactions, potentially reducing the risk of social engineering.