A group of hackers claims it accessed personal information linked to 35 million OkCupid users. Here’s what happened, what data may have been taken, and how you can better protect your information.
Table of Contents
What Happened?
The post appeared on June 9, 2026. The attackers said they obtained “privileged access” to OkCupid’s internal API (a system that allows different software tools to communicate with each other).
Cybernews researchers reviewed a small sample of the data shared by the attackers. However, they said there is currently no way to confirm whether information from all 35 million users was actually taken.
OkCupid had not publicly responded to the claims at the time of reporting.
Who Was Affected and What Data Was Taken?
If the hackers’ claims are accurate, the incident could affect up to 35 million OkCupid users.
Researchers who reviewed the sample found:
- Dating profile information
- Email addresses
- Other personally identifiable information (PII — information that can identify a person)
- Bcrypt password hashes (encrypted versions of passwords)
Researchers confirmed that the email addresses shown in the sample appeared to belong to real users. However, they could not verify the full size of the claimed breach.
The company has not publicly confirmed how many users were affected or exactly what information may have been taken.
Information from dating platforms can be especially valuable to criminals. It may reveal personal interests, relationship details, private conversations, or other information people prefer to keep private.
Criminals may use this type of information in phishing emails, impersonation attempts, identity theft, or even blackmail schemes.
It is also important to remember that many people never realize their information was involved in a data breach. Some incidents receive little attention, while others are discovered months later.
If you are not sure whether your information was leaked somewhere online, automatic monitoring can help you spot problems earlier.
Futureproof monitors your email 24/7 for data leaks and gives clear steps to secure your account from scams.
Futureproof scans your data for leaks and shows exactly how to close security gaps — before scammers find them first.
Check my safetyHow Criminals May Have Gained Access
Researchers do not know exactly how the information was obtained.
One possibility is that criminals gained access to an account belonging to a developer or database administrator. Another possibility is that they found a weakness involving the API.
Researchers also noted that all email addresses shown in the sample had appeared in previous data breaches. Because of that, they cannot rule out the possibility that some of the information came from older incidents collected together.
At this stage, the exact source of the data remains unknown.
At Futureproof, Kevin explains digital safety in simple words, with clear tips and zero fluff. He holds a degree in information technology and studies fraud trends to keep his tips up-to-date.
In his free time, Kevin plays with his cat, enjoys board-game nights, and hunts for New York’s best cinnamon rolls.
