A Men’s social networking website and the application called Manhunt suffered a data breach that has impacted its customers.
This website has been in the market for 20 years and the data of this website was compromised due to a cyber-attack that it faced in February 2021. This information is according to the security notice filed with the Washington attorney general on April 1.
An unauthorized third party gained access to the database containing the credentials of Manhunt and downloaded some of the information about the users like the username, email address, password. Manhunt performed a forced reset of all the passwords of the users after detecting the data breach.
Though the company did not reveal the number of users out of the 6 million affected, it started notifying about the attack last month.
The attack was detected on March 2 and an investigation revealed that the data of the customers were downloaded by the attacker at the beginning of February.
“On March 2, 2021, Manhunt discovered that an attacker gained access to a database that stored account credentials for Manhunt users,” wrote the company in the notice.
“The attacker downloaded the usernames, email addresses, and passwords for a subset of our users. We immediately took steps to remediate the threat and reset the passwords of affected users.”
Manhunt consulted a third-party forensic consultant “to assist us in investigating what happened and confirm that there is no ongoing unauthorized access to our systems.”
The company said they did not find any evidence of a picture or message getting stolen by the attacker has been found. Also, no payment-related information like Card number, pins, etc. have been exposed since Manhunt neither transmits nor stores these types of information.
Manhunt reminded the customers that they never ask for passwords or other sensitive information and never share them with anyone. They warned the users to beware of the threat actors impersonating as Manhunt official and their phishing messages.