- Bumble Inc. experienced a phishing attack compromising a contractor's account briefly
- Panera Bread reported a data breach involving contact information stored in software
- Match Group confirmed a cybersecurity incident affecting limited user data
A wave of cyberattacks has hit Bumble Inc., Panera Bread Co., Match Group Inc., and CrunchBase Inc., as cybersecurity experts warn about a new round of social engineering attacks targeting US companies.
According to Bloomberg, Bumble Inc., the parent company of dating apps Bumble, Badoo, and BFF, contacted law enforcement after one of its contractor's accounts "was recently compromised in a phishing incident," a spokesperson said.
The hacker made "a brief unauthorized access to a small portion of our network," the spokesperson said, adding that the company believes the access had ended. The hackers didn't get into the company's member database, member accounts, the Bumble application, direct messages, or profiles, the spokesperson said.
Similarly, Panera Bread said it had alerted law enforcement after identifying a cybersecurity incident and took steps to address it. A hacker accessed a software application Panera was using to store data, a spokesperson said.
"The data involved is contact information," the spokesperson told the publication, without elaborating.
Match also confirmed on Wednesday that it had suffered a cybersecurity incident affecting a "limited amount of user data," and that it was in the process of notifying customers.
A spokesperson said there was no indication that user log-in credentials, financial information, or private communications were accessed.
A CrunchBase spokesman said documents on its corporate network had been affected, but the company had contained the incident.
Match's system was breached on Jan. 16, but Bloomberg News couldn't determine when the incidents occurred.
Cybersecurity experts recently warned about a social engineering campaign targeting US companies, which has been attributed to a group that refers to itself as ShinyHunters. The group has claimed responsibility for the attacks on Bumble, Panera Breach, Match, and CrunchBase, although Bloomberg couldn't independently verify the claims.
Mandiant, a cybersecurity company owned by Alphabet Inc.'s Google, warned last week of the ShinyHunters campaign, saying the group used novel "vishing" techniques to compromise single sign-on credentials from victim organizations and remotely access their systems.
After getting into a computer system, the hackers pivot to software-as-a-service environments to steal sensitive data, Charles Carmakal, chief technology officer at Mandiant, said in a written statement.
A hacker that identifies themselves as ShinyHunters has approached some of the victims demanding an extortion payment, he added.
None of the companies contacted by Bloomberg commented on the extortion demand.
Track Latest News Live on NDTV.com and get news updates from India and around the world
