On 1/20/2021, a well-known hacker posted user information from several companies, including MeetMindful.
We are deeply sorry that this has happened, and want to be as candid and transparent as possible about what occurred, who was affected, and how we’re moving forward.
We’re on your side: please reach out to our support team at [email protected] if you would like to speak to us further about your data and account.
- A well-known hacker was able to exploit a now-closed vulnerability in our system, and was able to export an outdated version of a list of basic user information.
- This incident applies to users who signed up for MeetMindful prior to March 2020. Users who started an account after March 2020, or have updated their account details since March 2020 have not been affected.
- This file was released on a well-known hacking forum, along with several other companies (including Teespring.com, Bonobos, and others) on 1/20/21.
- We identified the vulnerability and immediately resolved it, as well as brought in additional development resources to ensure future safety.
WHAT WAS RELEASED:
- First Names (in some cases, Last Names), and emails.
- Encrypted passwords and other credentials – these were protected by encryption and therefore were not able to be accessed. No passwords, photos, conversations, matches, credit card data, or other financial information was accessed. See below for more detail.
- Other basic account details (including city / state, account creation and last-active dates, and in some cases, birthdays).
- Email and other notification preferences.
WHAT WAS NOT RELEASED OR ACCESSED:
- No credit card or other payment information was viewed or released. This information is exclusively stored with our payment processors (Stripe and Apple/iOS), thus it is never saved in our databases.
- No messages, profile answers, photos, favorites, user views, or any other personal information relating to matches, detailed match preferences, conversations, specific locations, etc. was accessed or released.
- No recent user information / updated profile information. The accessed information is roughly 6mo old.
WHAT WE’RE DOING:
In response to this attack – unfortunately an all-too-normal occurrence in today’s digital world – we’ve undertaken the following:
- We are actively reviewing our systems and procedures to ensure that this does not happen again.
- We have increased our level of security on all servers and within our application. This may result in slow access times or firewall checks for some users – if you can not access your account, please reach out to [email protected] and we will work directly with you!
- We are working with others involved in this breach, and are committed to candor and transparency around this issue and its resolution.
- We are encouraging any and all users to reset their password immediately if they are at all concerned.
- We are here to help and answer any questions. Reach out at any time to [email protected].
WHAT YOU CAN DO:
- Reset your password to add additional security to your account.
- Reach out to support: [email protected].
- If you get an email or text asking for an account number or password, don’t respond. MeetMindful will never ask you to share your personal information in an email or text.
- If you have questions or detect any suspicious activity on your account, please contact us here.
Thank you for your continued support of MeetMindful, and our mission to change the world – one connection at a time.
Keith + Wesley