Last updated 1 month ago
WhiteDate, a dating website platform, experienced a data breach in December 2025 that exposed 20,363 unique user accounts. The breach was publicly disclosed in December 2025 when the data appeared online, initially revealing 6,100 email addresses before the full dataset containing 20,000 unique email addresses was provided to Have I Been Pwned. The compromised data represents the complete user population of the affected service.
The breach resulted in unauthorized access to the platform's user database, leading to exfiltration of extensive personal information including email addresses, usernames, IP addresses, private messages, and phpBB password hashes. The dataset also contained highly sensitive personal attributes including detailed physical appearance descriptions, income levels, education backgrounds, and IQ scores, creating significant privacy and security risks for affected individuals.
The breach notification occurred through third-party data breach notification services rather than direct company communication. The complete dataset became available to security researchers and breach monitoring services, enabling external validation of the exposed records and data types.
The WhiteDate breach demonstrates critical failures in protecting sensitive user data, particularly the storage of highly personal attributes like IQ scores and physical appearance details alongside authentication credentials. The exposure of phpBB password hashes indicates inadequate password storage practices for a platform handling intimate personal information. The incident highlights the need for dating platforms to implement stronger access controls, encrypt sensitive personal attributes separately from authentication data, and maintain comprehensive audit trails for database access.
Sign in to join the discussion.
Company
Industry
Disclosed
Records Affected
Attack Vector
Industry
Attack Vector