Cyber Incident Victim: Shadi.com

In July 2016, user account data from matrimonial websites Shadi.com and MuslimMatch.com was traded on digital underground platforms following security breaches. MuslimMatch.com experienced a confirmed hack on July 1, 2016, resulting in the public leakage of nearly all its user data. On July 10, 2016, Leaked Source obtained stolen datasets from both platforms, containing approximately 2 million combined user records. The compromised information included email addresses, names, dates of birth, and passwords. For Shadi.com, all passwords were stored in unencrypted plaintext format, while MuslimMatch.com used MD5 hashing for password storage—an algorithm known for cryptographic weaknesses that enable relatively easy decryption. Approximately 150,000 user credentials and profiles from these platforms were subsequently posted online, along with over 500,000 private messages exchanged between users.

The exposure of sensitive personal and communication data from matrimony-focused platforms created significant privacy risks for affected individuals. Clear-text password storage at Shadi.com enabled immediate credential misuse, while MD5-hashed passwords from MuslimMatch remained vulnerable to cracking attempts. Security analysts observed parallels with contemporaneous breaches at AfrikaDating.com, AdultSingleSites.com.au, and PinkDate.co.uk, where thousands of additional user records were leaked. Leaked Source publicly confirmed possession of the datasets but did not disclose acquisition methods. Users received advisories to proactively secure online accounts through password managers capable of generating unique credentials, thereby limiting cross-service compromise risks from reused passwords. Shadi.com's operators were contacted for comment following the breach disclosure, though no further operational details or mitigation measures were publicly confirmed at the time of reporting.