Mate1

We've been tracking the resurgence of older breaches appearing on underground forums, often repackaged and sold as "new" data sets to unsuspecting buyers. What caught our attention with the Mate1 data wasn't its size—over 23 million records—but the sensitive nature of the exposed information and the plain text storage of passwords. This combination makes it particularly dangerous even years after the initial breach. The data had been circulating quietly, but we noticed increased chatter surrounding its value and potential for exploitation in credential stuffing attacks.

The Mate1 Data Dump: A Deep Dive into Dating Site Data

The February 2016 breach of dating site Mate1.com resulted in the exposure of 23,282,866 user records. While the breach itself isn't new, its reappearance and the nature of the data warrants renewed attention. The database contains a wealth of personal information, going beyond typical dating profile data to include details on users' drug and alcohol habits, income levels, and sexual preferences. The passwords were stored in plain text, a shocking security lapse even by 2016 standards. This lack of basic security practices significantly amplifies the risk to affected individuals.

The breach was discovered on February 28, 2016. While the initial reports focused on the large number of records, the real danger lies in the depth of personal information exposed. The presence of sensitive data points like drug use and sexual fetishes makes this breach particularly risky for extortion or blackmail attempts. The plain text passwords further increase the likelihood of account compromise across multiple platforms through credential reuse.

This breach matters to enterprises now because the exposed credentials can be used in credential stuffing attacks against corporate accounts. Individuals often reuse passwords across personal and professional accounts, making this old breach a potential gateway to enterprise systems. The sensitive personal information could also be used in targeted phishing campaigns against employees.

• Total records exposed: 23,282,866
• Types of data included: Email Address, Username, Passwords (plain text)
• Sensitive content types: Deeply personal information about private lives including drug and alcohol habits, incomes levels and sexual fetishes.
• Source structure: Database

External Context & Supporting Evidence

The Mate1 breach was widely reported at the time by various news outlets, including a detailed analysis by Troy Hunt on his blog, which highlighted the severity of the plain text password storage. Discussions on security forums like Breach Forums have recently seen renewed interest in the Mate1 data, with users sharing tips on how to "crack" accounts using the exposed credentials. This resurgence suggests that the data is still being actively used for malicious purposes.