Cyber Incident Victim: MeetMe

In August 2014, hackers breached the social networking platform MeetMe, compromising user data during a three-day window between August 5 and August 7. The attackers gained unauthorized access to the MeetMe network infrastructure, specifically targeting and exfiltrating stored account credentials. The compromised information included usernames, email addresses, and encrypted passwords belonging to users who logged into the service during the attack period. MeetMe confirmed the breach through internal investigation but did not disclose the total number of affected accounts. The company identified and closed the exploited vulnerability shortly after detecting the intrusion, preventing further unauthorized access. No evidence indicated that attackers accessed user accounts post-compromise or manipulated account functionality. Financial information remained secure throughout the incident, as payment systems were not targeted or exposed during the breach.

MeetMe initiated incident response procedures by notifying all potentially impacted users through direct email communications and by posting a public notice on the platform's website. The company advised users to proactively change their passwords as a precautionary measure despite the encryption applied to compromised credentials. Communications firm G.F. BUNTING+CO, representing MeetMe, publicly stated the absence of evidence regarding account misuse but maintained the password reset recommendation to mitigate credential-stuffing risks. The breach timeline was confined to the 72-hour period identified by forensic analysis, with no indication of prior or subsequent unauthorized access stemming from the same vulnerability. MeetMe's public disclosures emphasized the containment of the incident through prompt remediation of the security flaw but did not specify technical details about the attack vector or the encryption methods protecting the stolen passwords.