Hackread reports that widely known Israeli LGBTQ dating app Atraf had a database containing information from 669,672 users potentially stolen from a 2021 attack by Iranian state-sponsored threat operation Black Shadow exposed by a Russian threat actor.
Such a database, which was posted on BreachForums, contained users' full names and nicknames, birthdates, addresses, ages, phone numbers, IP addresses, sex and gender, sexual orientation, interest and hobbies, location details, smartphone information, direct messages, family details, payment card information, and certain plain text passwords, according to Hackread researchers.
No data more recent than 2021 had been included in the exposed database, indicating the legitimacy of the information. Individuals using Atraf have been urged to immediately replace their credentials for the dating app and their emails, as well as be wary of any links that could be leveraged for malware compromise.
While Atraf has already been informed regarding the incident, the company has yet to respond.
