Bumble Hives group data found in ShinyHunters leak, researchers warn

The attacker group ShinyHunters has added the popular dating app Bumble to its latest victims, claiming that most of the data was taken from cloud services the company uses. The leaked data includes a list of Bumble groups, called Hives.
- Attackers claim to have stolen 30GB of Bumble data from Google Drive and Slack after phishing a contractor's account.
- Bumble confirms the attack was contained quickly and says no user accounts, profiles, messages, or member database were accessed.
- Exposed data includes internal company documents, employee PII, contracts, invoices, and some Bumble Hive group information.
- ShinyHunters is running a broader campaign targeting dating apps including OkCupid, Hinge, and Match using vishing-enabled phishing kits.
Bumble was posted on ShinyHunters' dark web leak site on January 29th, with the gang saying they have “thousands of internal documents” from the company. According to the attackers, they have access to 30GB of Bumble’s data, taken from Google Drive and Slack.
The company confirmed to Cybernews that one of Bumble's contractors' accounts was compromised in a phishing incident. According to Bumble's spokesperson, the breached account had limited privileges.
“Our InfoSec team quickly detected and eliminated the access, and the incident is contained. We have engaged external cybersecurity experts to investigate and have notified law enforcement. Importantly, there was no access to our member database, member accounts, the Bumble application, or member direct messages or profiles,” the company's spokesperson said.
Bumble, a popular dating platform with hundreds of millions of downloads on Google Play Store, has over 40 million active users. The platform is controlled by Bumble Inc., a company that also controls online apps Badoo and BFF.
What data did the Bumble leak expose?
Meanwhile, the Cybernews research team investigated the 30GB data sample, which attackers attached to the dark web post. According to the team, while the exposed details appear to be legitimate, attackers shared a limited number of supposedly exposed records. At this time, it remains unclear if the shared dataset is the total number of records that attackers obtained or a sample.
“It appears that the sample includes more company data than personal information, which corresponds with what attackers were saying in their post. This mainly exposes business operations, employee or candidate personally identifiable information, which increases risk for phishing, fraud, as well as loss of trust, competitive advantage,” researchers said.
However, the exposed details included some user IDs, session IDs, and cookies. At least in theory, attackers could utilize the leaked data for account takeover. Other exposed details included various interest tags used in profiles, such as tag names, and the number of times a certain tag was used.
Interestingly, the team noticed the sample includes information about a limited number of Bumble groups, which are called Hives in-app. While no group members were exposed, some group names, descriptions, welcome messages, rules, and change logs were included in the data sample.
The team also discovered a document with 10 records, exposing personally identifiable information (PII), such as full names and home addresses. Researchers surmise that the information most likely includes employee data.
“The majority of the exposed files are internal company documents: policy reviews, contracts between Bumble and their partner companies, invoices, user engagement analysis reports, onboarding guides for new employees, and some CVs from candidates, which include PII as well as employment history,” researchers said.
Who is the attacker group ShinyHunters?
ShinyHunters has targeted multiple companies in recent days, likely as part of a campaign aimed at stealing single sign-on (SSO) credentials for Okta, Microsoft, and Google accounts.
Okta describes the gang as employing vishing-enabled phishing kits, built specifically to support attackers during live phone calls with targets. Okta added that attackers typically impersonate IT support, calling employees and directing them to phishing websites designed to look like legitimate login portals.
Yesterday Cybernews wrote about the gang’s claims of attacking OkCupid, Hinge and Match, all owned by Match Group. The attackers supposedly stole over 10 million records belonging to the company.
“There is no indication that user log-in credentials, financial information, or private communications were accessed. We believe the incident affects a limited amount of user data, and we are already in the process of notifying individuals, as appropriate,” Match Group's spokesperson told Cybernews.
The gang has also targeted the private company intelligence platform Crunchbase. According to the company, the threat actor exfiltrated “certain documents” from its corporate network.
Another victim claimed by the cybergang, a major American restaurant chain, Panera Bread, allegedly lost 14 million customer and employee records. Our researchers did witness a treasure trove of personally identifiable information (PII) included in the data sample that attackers shared on the dark web.
While no companies publicly discussed whether ShinyHunters demanded ransom for stolen data, Alon Gal, cybersecurity researcher and Co-Founder at Hudson Rock, reported that he was approached by ShinyHunters following public reports of their activity.
“ShinyHunters have confirmed they were behind the campaign and shared a Tor victims blog in which Crunchbase, SoundCloud, and Betterment all had their alleged data leaked after rejecting the group's extortion attempt,” Gal wrote.
Was my Bumble account or private messages hacked?
According to Bumble, the attackers did not access the member database, private messages, or user profiles. The company states the breach was limited to a contractor's account with restricted privileges.
What data did ShinyHunters allegedly steal from Bumble?
The ShinyHunters gang claims to have exfiltrated 30GB of data from Bumble’s internal Slack and Google Drive channels. The leaked files primarily include internal corporate documents, likely employee and job candidate PII, partner contracts, and information about Bumble groups known as Hives.
Can hackers use the leaked data to take over accounts?
While passwords were not exposed, researchers found session IDs and authentication cookies in the data sample. In theory, sophisticated attackers can use session cookies to bypass login screens and access accounts without a password, via a technique known as session hijacking.
Updated on February 2nd [12:10 p.m. GMT] with a research team analysis of the exposed data.
Updated on January 30th [02:45 p.m. GMT] with a statement from Bumble.