Back

Massive Grindr Data Leak Exposes 15 Million User Records for Sale

Severity: High (Score: 66.0)

Sources: Escudodigital, Cybernews

Published: 2026-06-04 · Updated: 2026-06-04

Keywords: grindr, alleged, users, data, dark, risk, leak

Summary

A threat actor is selling a database allegedly containing data from over 15 million Grindr users on the dark web. The dataset includes sensitive information such as full names, email addresses, physical attributes, HIV status, and location data. The hacker claims to have obtained password hashes and OAuth-related data, raising concerns about potential credential stuffing attacks. The dataset is priced at $400, suggesting it may be marketed to multiple buyers rather than a single high bidder. As of now, Grindr has not confirmed the breach, and no third-party verification has been provided. The presence of sensitive health-related information poses significant risks to affected users. Cybersecurity experts are warning users to change passwords and monitor accounts for suspicious activity. The incident highlights the ongoing vulnerabilities in dating apps, which are prime targets for cybercriminals. Key Points: • Over 15 million Grindr user records are allegedly for sale on the dark web. • The dataset includes sensitive personal information, including HIV status and location data. • Grindr has not yet confirmed the breach, and no third-party verification is available.

Detailed Analysis

**Impact** Approximately 15 million Grindr users are affected, primarily from the LGBTQ+ community, with exposed data including full names, email addresses, physical attributes, sexual orientation, HIV status, and precise location data. The leak risks credential stuffing attacks due to the presence of password hashes and OAuth tokens, potentially impacting users across multiple platforms. The exposure of sensitive health and identity information increases risks of targeted phishing, blackmail, and discrimination. Grindr has not confirmed the breach, and no geographic limitations were specified. **Technical Details** The dataset was allegedly exfiltrated and posted for sale on dark web and cybercrime forums by a threat actor known as "nilojeda." The breach includes password hashes using bcrypt and SHA256, OAuth-related data, IP addresses, device types, and user agents. No specific attack vector, malware, or CVEs exploited were identified in the reports. The presence of recent timestamps (May 2026) suggests ongoing or recent data collection. No IOCs or infrastructure details were provided. **Recommended Response** Users should immediately change passwords on Grindr and any other services where the same credentials were reused, enabling multi-factor authentication where possible. Organizations should monitor for credential stuffing attempts and phishing campaigns targeting Grindr users. Security teams should watch for suspicious access patterns involving OAuth tokens and IP addresses linked to the breach. Since no patch or direct mitigation is identified, continuous monitoring of dark web forums for further data circulation is advised.

Source articles (2)

  • Passwords and locations at risk in alleged Grindr data leak — Cybernews · 2026-06-02
    A handful of alleged Grindr user records just surfaced on a cybercrime forum, putting users at risk of credential stuffing attacks. A dataset allegedly containing Grindr user information has surfaced…
  • 15 million Grindr users' data put up for sale on dark web — Escudodigital · 2026-06-04
    The alleged leak includes full names, email addresses, physical attributes, and HIV status details from the LGBTQ+ dating app. A threat actor has posted a message on a dark web forum claiming to be se…

Timeline

  • 2026-06-02 — Grindr data leak reported: Cybernews reported the appearance of Grindr user records on a cybercrime forum, indicating a potential data breach.
  • 2026-06-04 — 15 million records listed for sale: Escudodigital reported that a hacker is selling a database of over 15 million Grindr users, including sensitive details.

Related entities

  • Credential Stuffing (Attack Type)
  • Data Breach (Attack Type)
  • Phishing (Attack Type)
  • Bumble (Company)
  • Gay Daddy (Company)
  • Grindr (Company)
  • Grindr Inc (Company)
  • Headero (Company)
  • Meet And Chill (Company)
  • parties.at (Domain)
  • T1041 - Exfiltration Over C2 Channel (Mitre Attack)
  • T1110 - Brute Force (Mitre Attack)
  • T1566 - Phishing (Mitre Attack)
  • T1567 - Exfiltration Over Web Service (Mitre Attack)
  • IOS (Platform)
  • Slack (Platform)
  • Google Drive (Tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed