TL;DR: In January 2026, the ShinyHunters hacking group broke into Bumble through a voice phishing attack on a contractor. They stole over 30 gigabytes of user data: names, dates of birth, Social Security numbers, addresses, phone numbers, chat history, and dating preferences. On January 29, they posted the stolen data to a dark web leak site. A class action lawsuit was filed on February 19 in Texas federal court, alleging Bumble failed to encrypt data properly and ignored security vulnerabilities. Dating app breaches are uniquely dangerous because the data is deeply personal and can be used for stalking, blackmail, and discrimination.
What Happened
ShinyHunters (the same group behind breaches at AT&T, Ticketmaster, and SoundCloud) targeted Bumble in January 2026.[1]
The attack method: voice phishing, also called "vishing." A hacker called a Bumble contractor, impersonated IT support, and convinced them to hand over credentials. From there, ShinyHunters accessed Bumble's "Hives" (internal group lists) and exfiltrated over 30 gigabytes of user files.[2]
On January 29, 2026, the stolen data appeared on a dark web leak site. Bumble users were the last to know.
What Was Stolen
The breach exposed deeply personal data:[1][2]
- Full names
- Dates of birth
- Social Security numbers
- Physical addresses
- Phone numbers
- Email addresses
- Account numbers
- Dating preferences
- Chat history
- Dating history
This isn't just identity theft material. It's a complete profile of your intimate life: who you talked to, what you said, what you're looking for.
Why Dating App Breaches Are Different
A breach at your bank exposes financial data. A breach at a dating app exposes you.
Stalking
Your photos, interests, and location data let stalkers track you down in the real world. Some apps store location to within meters.[3]
Blackmail
Private conversations, intimate details, compromising photos. All become extortion material once in criminal hands.
Discrimination
Dating preferences reveal sexual orientation, religion, political views. Information that can be used against you by employers, insurers, or governments.
Romance Scams
With your chat history and preferences, scammers can craft convincing approaches. The FTC says romance scams cost victims $1.3 billion in 2023.[4]
The Ashley Madison Precedent
Dating app breaches have killed people.
In July 2015, hackers breached Ashley Madison, exposing 32 million users of the "extramarital affairs" site. The data dump didn't just reveal usernames. It exposed real names, addresses, and sexual preferences.[5]
What followed: extortion emails demanding Bitcoin or public exposure. Marriages destroyed. Multiple suicides reported. A pastor in New Orleans took his own life after his name appeared in the leak.[5]
That was 10 years ago. The data industry learned nothing. Dating apps still collect everything and secure almost nothing.
The Lawsuit
On February 19, 2026, plaintiff Tyra Omirin filed a class action against Bumble Inc. in the U.S. District Court for the Western District of Texas (Case No. 1:26-cv-00398).[1]
The complaint alleges Bumble:
- Failed to implement adequate cybersecurity measures
- Failed to properly encrypt user data
- Failed to implement timely breach detection
- Failed to provide prompt and accurate breach notification
The lawsuit invokes the Texas Deceptive Trade Practices Act and seeks class-wide damages plus a court order requiring Bumble to overhaul its security and delete affected users' data.[2]
Bumble's Track Record
This isn't Bumble's first privacy scandal.
In 2024, Bumble Inc. paid a £32 million settlement over allegations that the company collected biometric data from profile photos without explicit user consent.[3]
The company has a 70+ million user base. Those users trusted Bumble with their most personal data. That trust was misplaced.
The Pattern
Dating apps keep failing the same security basics:[3]
- Grindr (2018): Shared users' HIV status with analytics firms without consent
- Coffee Meets Bagel (2019): Breach exposed 6 million users' data
- MobiFriends (2020): Breach exposed 3.7 million users' data
- Adult FriendFinder (2016): Breach exposed 412 million accounts
A 2025 study found 75% of dating apps are "unsafe": leaking location data, sharing information with third parties without consent, or storing sensitive data insecurely.[6]
Protect Yourself
Minimize Data Sharing
Don't link social media accounts. Don't share your real phone number (use Google Voice or a burner number). Skip fields that aren't required.
Use Unique Credentials
Dating app accounts are high-value breach targets. Use a unique email and strong, unique password. Enable two-factor authentication.
Limit Location Access
Grant "while using" not "always." Delete the app when not actively using it. It can track you in the background.
Delete Your Account, Really
Deactivating isn't deleting. Request full data deletion under your state's privacy law. Bumble is Texas-based; Texans have some rights under the TDPSA.
What to Watch
This lawsuit is in early stages. Key developments to track:
- Class certification: Will the court certify a nationwide class?
- Discovery: What did Bumble know about its security vulnerabilities before the breach?
- Arbitration: Bumble's terms of service require arbitration: will plaintiffs fight that clause?
- Company response: Bumble hasn't publicly commented on the lawsuit.
The Bottom Line
30 gigabytes of dating app data is now in criminal hands. Everything users thought was private (who they're attracted to, what they said in messages, their real names and Social Security numbers) is out there.
Dating apps promise connection. They deliver surveillance. Your most intimate data, stored on servers secured by whatever budget the company felt like spending.
The lawsuit might get victims some compensation. It won't get their privacy back. That data is gone forever.
References
- ClassAction.org - Bumble Lawsuit Claims Dating App Failed to Prevent 'Massive' January 2026 Data Breach
- Top Class Actions - Bumble Sued After Data Breach Allegedly Exposed Users' PII
- Data Protection People - The Biggest Data Breaches in Dating Apps
- FTC - Romance Scam Statistics
- WIRED - Ashley Madison Aftermath
- Business Digital Index - 75% of Dating Apps Are Unsafe, New Study Finds