Love.mail.ru

In February 2021 the dating service Love.mail.ru owned by the major Russian tech company Mail.ru Group experienced a significant data exposure event. This incident occurred through an API vulnerability that allowed external actors to perform high scale automated parsing. The breach resulted in the collection of personal information belonging to approximately 10 million users. The scraped data included email addresses associated with the accounts user names and dates of birth. While not a direct database compromise via unauthorized access to internal systems the scale of the automated scraping through unsecured endpoints led to a major privacy violation and the exposure of user profiles to the public domain.