OkCupid Data Scrape: Hacker Claims to Sell 35M User Records
Hacker claims to sell 35M OkCupid user records scraped via internal API.
Summary
A threat actor known as 'authentic' claims to have scraped 35 million OkCupid user records by accessing the dating app's internal API. The stolen data allegedly includes names, emails, phone numbers, hashed passwords, dates of birth, sexual orientation, precise location, and dating preferences. If confirmed, this breach could lead to severe consequences like targeted harassment, doxxing, and identity theft, particularly for users in regions where their sexual orientation poses a risk.
Full text
Data35M users PriceTelegram sale CountryUnited States Actorauthentic ▣Post details TargetOkCupid (dating app) CountryUnited States SectorOnline Dating / Social ClaimUser database scraped via internal API, for sale Data35,000,000 user profiles ObservedJun 5, 2026 PriceTelegram sale Actorauthentic (VIP) !Allegedly exposed 35M user profiles (claimed) Names, usernames & emails Phone numbers Hashed passwords Dates of birth & age Gender, pronouns & sexual orientation Precise location (city, GPS coords) Dating prefs, signup IP & billing tier ◱Screenshot Screenshot 1 Redacted preview ⚠Potential impact If genuine, a 35 million-user dating database would be among the most dangerous exposures possible: it links real identities to sexual orientation, precise location, dates of birth, and intimate dating preferences, alongside emails, phone numbers, and hashed passwords. That combination enables targeted harassment, sextortion, doxxing, stalking, and identity theft, and is especially dangerous for users in places where sexual orientation can carry legal or physical risk. The scale and authenticity are unconfirmed, and "internal API scraping" claims should be treated with caution. iStatus Unverified A column listing and sample records were posted to an underground forum, with Telegram and Session contacts for buyers; the sample records and contact identifiers are not reproduced here. The claim has not been independently confirmed and OkCupid has not publicly addressed it. Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing → DARK WEB INFORMER - THREAT INTELLIGENCE