Cyber Incident Victim: Muslim Match
Date:
Jun 2016
Location:
United Kingdom
Summary
A dating platform experienced a significant data breach compromising approximately 150,000 user accounts and over 800,000 private messages, including intimate communications. Exposed information comprised usernames, email and IP addresses, geographic locations, hashed passwords, and chat logs, which were subsequently disseminated through breach notification services and hacker circles. The incident rendered the service temporarily inaccessible, with affected users expressing alarm over the exposure of sensitive personal details and criticizing inadequate security measures such as insufficient encryption for protecting confidential data shared on the platform.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In June 2016, the Muslim Match dating website suffered a significant data breach resulting in the exposure of approximately 150,000 user accounts and over 800,000 private messages. The compromised data included usernames, email addresses, IP addresses, geographic locations, hashed passwords, and chat logs stored across eight files—six in SQL format. A hacker known as TheCthulhu released the full database publicly, prompting security researcher Troy Hunt to incorporate the dataset into the HaveIBeenPwned breach notification service. Analysis of the leaked material confirmed the presence of 790,000 intimate user messages within a file labeled SEPMs, containing personal disclosures ranging from marriage-seeking intentions to humorous self-descriptions. The website, which marketed itself as a free marriage service for Muslim users, was rendered offline at the time of reporting, though no official statement from Muslim Match was referenced. Media outlets including IBTimes UK and Motherboard verified the breach’s authenticity by reviewing the database and contacting affected users, with some confirming their compromised credentials.
The breach exposed sensitive communications from users across the United Kingdom, United States, and Middle East, many of whom shared deeply personal information under the assumption of confidentiality. Impacted individuals expressed alarm over the exposure of private messages and criticized the platform’s apparent lack of encryption for protecting data. One user described the incident as "very scary," while others emphasized disappointment in the service’s security measures. Muslim Match’s social media profiles framed the platform as a marriage-focused community, heightening concerns about reputational risks and potential misuse of exposed marital intentions. Media attempts to solicit responses from both the website and a sample of affected users yielded no public statements prior to the article’s publication. The dataset’s availability on hacking forums and breach-tracking sites amplified risks of credential reuse attacks and targeted social engineering against the predominantly Muslim user base. No remediation efforts by Muslim Match—such as password resets or user notifications—were documented in the available sources at the time of reporting.