Bumble, Panera Bread, CrunchBase, Match Hit by Cyberattacks
The hacker made “a brief unauthorized access to a small portion of our network,” the spokesperson said, adding that the company believes the access had ended
By : Bloomberg
Update: 2026-01-29 06:50 GMT
A wave of cyberattacks has hit Bumble, Panera Bread, Match Group, and CrunchBase as cybersecurity experts warn about a new round of social engineering attacks targeting US companies.
Bumble, the parent company of dating apps Bumble, Badoo and BFF, contacted law enforcement after one of its contractor’s accounts “was recently compromised in a phishing incident,” a spokesperson said.
The hacker made “a brief unauthorized access to a small portion of our network,” the spokesperson said, adding that the company believes the access had ended. The hackers didn’t get into the company’s member database, member accounts, the Bumble application, direct messages or profiles, the spokesperson said.
Similarly, Panera Bread said it had alerted law enforcement after identifying a cybersecurity incident and took steps to address it. A hacker accessed a software application Panera was using to store data, a spokesperson said.
“The data involved is contact information,” the spokesperson said, without elaborating.
Match also confirmed on Wednesday that it had suffered a cybersecurity incident affecting a “limited amount of user data,” and that it was in the process of notifying customers.
A spokesperson said there was no indication that user log-in credentials, financial information or private communications were accessed.
A CrunchBase spokesman said documents on its corporate network had been affected, but the company had contained the incident.
Match’s system was breached on Jan. 16, but Bloomberg News couldn’t determine when the incidents occurred.
Cybersecurity experts recently warned about a social engineering campaign targeting US companies, which has been attributed to a group that refers to itself as ShinyHunters. The group has claimed responsibility for the attacks on Bumble, Panera Breach, Match and CrunchBase, although Bloomberg couldn’t independently verify the claims.
Mandiant, a cybersecurity company owned by Alphabet Inc.’s Google, warned last week of the ShinyHunters campaign, saying the group used novel “vishing” techniques to compromise single sign-on credentials from victim organizations and remotely access their systems.
After getting into a computer system, the hackers pivot to software-as-a-service environments to steal sensitive data, Charles Carmakal, chief technology officer at Mandiant, said in a written statement.
A hacker that identifies themselves as ShinyHunters has approached some of the victims demanding an extortion payment, he added.