Cyber Incident Victim: Omiai
Date:
Apr 2021
Location:
Japan
Summary
A major Japanese dating app suffered a breach exposing personal data of 1.71 million users, including sensitive age verification documents such as driver's licenses, passports, and insurance cards containing names, birth dates, registration numbers, and photos. The operator confirmed unauthorized server access but stated no financial information was compromised, promptly blocking the attackers' IP address; the app, with millions of users, facilitates matches through verified profiles, highlighting risks in handling sensitive identity documents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late April 2021, Net Marketing Co., operator of Japan’s prominent dating app Omiai, experienced a cybersecurity breach involving unauthorized access to its servers. Attackers compromised personal data belonging to 1,711,756 users who had submitted age verification documents between January 2018 and April 2021. The exposed records included driver’s licenses, health insurance cards, and passports containing full names, dates of birth, registration numbers, and photographs. The company detected the intrusion and promptly blocked the attackers’ IP address, preventing further unauthorized access. No financial information such as credit card details was accessed during the incident. Omiai requires these identity documents to verify users’ ages due to Japan’s stringent online dating regulations. The breach exclusively affected individuals who had submitted verification materials during the three-year window prior to the attack. Net Marketing Co. publicly confirmed the incident but did not disclose technical details regarding the attack vector or server vulnerabilities exploited.
The incident impacted approximately 25% of Omiai’s total user base, which exceeded 6.8 million accounts at the time, including over 5 million paying subscribers as of September 2020. Male users paid $37 monthly for premium memberships, underscoring the financial stakes involved. Compromised verification documents pose significant identity theft risks given their inclusion of government-issued identification numbers and biometric photographs. This breach occurred amid rapid expansion in Japan’s digital dating market, which had more than doubled since 2016 and was projected to reach ¥106 billion by 2025. A contemporaneous industry report indicated 65% of consumers would abandon a service following a data breach, suggesting potential reputational and financial consequences for Omiai. The company’s disclosure emphasized containment through IP blocking but did not specify whether law enforcement was engaged or whether affected users received individual notifications beyond the public announcement.