Valentine’s Day data breach for dating app

Account holders of a US dating app named Coffee Meets Bagel had a heart-breaking start to their Valentine’s Day this year.

While couples elsewhere were exchanging chocolates, cards and flowers, around 6 million Coffee Meets Bagel users were greeted by email explaining that an “unauthorised party” had obtained access to their names and email addresses.

The San Francisco-based firm did not divulge the identity of those responsible for the intrusion, but said that a security firm had been hired to conduct a full investigation into the company’s IT systems.

In an official statement, Coffee Meets Bagel said that they “quickly took steps to determine the nature and scope of the problem”, as soon as the breach was discovered on 11th February 2019.

The statement then detailed steps the firm took in response:

“We have engaged forensic security experts to conduct a review of our systems and infrastructure. Vendor and external systems are being audited and reviewed to ensure there are no compliance issues or third-party breaches.

“We continue to monitor for suspicious activity and we are coordinating with law enforcement authorities regarding this incident. We continue to make enhancements to our systems to detect and prevent unauthorised access to user information,” they said.

Launched in 2012, Coffee Meets Bagel was founded by three sisters – Arum Kang, Dawoon Kang and Soo Kang – who successfully pitched their idea on a US television show to win huge financial investment.

An businessman named Marc Cuban saw a spark in the sisters’ proposition and bought the company for $30m, a record-breaking sum for the ABC show.

Originally, Coffee Meets Bagel went hand-in-hand with Facebook, enabling users to make connections with friends of friends. When the Cambridge Analytic scandal broke and Facebook’s shady data sharing practices were revealed, the dating app moved away from a sign-in mechanism through the social network in favour of signing in with a mobile phone number.

It is currently one of the few dating apps in popular use that is not owned by Match Group, which owns Tinder, OKCupid and Match.com.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.