Coffee Meets Bagel Inc., a San Francisco Bay Area dating app startup, has been hacked with the account details of approximately 6 million users stolen.

Notification of the data breach was sent to app users today, Valentine’s Day, with the company saying that that data from accounts may have been “acquired by an unauthorized party.”

“On February 11, 2019, we learned that an unauthorized party gained access to a partial list of user details,” the company wrote. “The affected information only includes your name and email address prior to May 2018. As a reminder, we never store any financial information or passwords.”

Coffee Meets Bagel decides to tell users it suffered a data breach…. on Valentine’s Day. pic.twitter.com/VRNFYlvEJE

— Donie O'Sullivan (@donie) February 14, 2019

The hack was only discovered after data from Coffee Meets Bagel users was listed in a database of 617 million user accounts from 16 different websites found for sale on the dark web earlier in the week. The discovery implies that Coffee Meets Bagel was not aware that it had been hacked before now and presumably the hack occurred last May.

Worse still, the company still apparently doesn’t know how the app was hacked either, saying that it had hired forensic security experts who are conducting audits with its third-party vendors.

Oscar Tovar, vulnerability verification specialist at WhiteHat Security Inc., said the incident is just the most recent example of a vulnerable, widely used application being targeted by malicious actors. But he said businesses can minimize risks.

“Security training and education, along with IT and Ops teams partnering with security to understand and prioritize how to mitigate risk” top Tovar’s list, along with “applying patches to applications immediately – not months after they become available and making security testing a part of the entire lifecycle of an application.”

Coffee Meets Bagel is not the first dating site or app to be hacked and it most certainly won’t be the last. A report Feb. 10 claimed that OKCupid accounts had been compromised although the company denies the allegations.

In 2016 the “Beautiful People” data service was hacked, but the mother of all damaging dating service hacks remains the cheating site Ashley Madison in 2015.

Photo: Coffee Meets Bagel