Cyberattacks Target Bumble, Panera Bread, CrunchBase, and Match

A wave of cyberattacks has recently targeted several high-profile companies, including Bumble Inc., Panera Bread Co., Match Group Inc., and CrunchBase Inc. Cybersecurity experts are raising alarms about a new series of social engineering attacks aimed at U.S. businesses.

Bumble Inc., the parent company of popular dating apps such as Bumble, Badoo, and BFF, reported a security breach after one of its contractor’s accounts was compromised in a phishing incident. A spokesperson for the company stated that the hacker gained “brief unauthorized access to a small portion of our network.” Fortunately, they confirmed that the breach did not extend to the company’s member database, accounts, application, direct messages, or profiles.

In a similar vein, Panera Bread also alerted law enforcement after discovering a cybersecurity incident. According to a spokesperson, a hacker accessed a software application used for data storage. “The data involved is contact information,” the spokesperson noted, though further details were not provided.

Match Group confirmed on Wednesday that it experienced a cybersecurity incident affecting a “limited amount of user data.” The company is currently in the process of notifying affected customers. A spokesperson assured that there was no evidence suggesting that user login credentials, financial information, or private communications were compromised.

CrunchBase also acknowledged that documents on its corporate network were affected but stated that the incident had been contained. While Match’s system was breached on January 16, Bloomberg News has not been able to ascertain the exact timing of the other incidents.

Cybersecurity experts have recently issued warnings about a social engineering campaign targeting U.S. companies, which has been linked to a group that identifies itself as ShinyHunters. This group has claimed responsibility for the attacks on Bumble, Panera Bread, Match, and CrunchBase, although Bloomberg has not independently verified these claims.

Mandiant, a cybersecurity firm owned by Alphabet Inc.’s Google, recently warned about the ShinyHunters campaign. They reported that the group employs innovative “vishing” techniques to compromise single sign-on credentials from victim organizations, allowing them to remotely access systems.

Once inside a computer system, the hackers often pivot to software-as-a-service environments to steal sensitive data. Charles Carmakal, chief technology officer at Mandiant, stated in a written statement that a hacker identifying as ShinyHunters has approached some victims demanding extortion payments.

None of the companies contacted by Bloomberg have commented on the extortion demands.

Photo: Photographer: Daniel Acker/Bloomberg

Copyright 2026 Bloomberg.

A wave of cyberattacks has recently targeted several high-profile companies, including Bumble Inc., Panera Bread Co., Match Group Inc., and CrunchBase Inc. Cybersecurity experts are raising alarms about a new series of social engineering attacks aimed at U.S. businesses.

Bumble Inc., the parent company of popular dating apps such as Bumble, Badoo, and BFF, reported a security breach after one of its contractor’s accounts was compromised in a phishing incident. A spokesperson for the company stated that the hacker gained “brief unauthorized access to a small portion of our network.” Fortunately, they confirmed that the breach did not extend to the company’s member database, accounts, application, direct messages, or profiles.

In a similar vein, Panera Bread also alerted law enforcement after discovering a cybersecurity incident. According to a spokesperson, a hacker accessed a software application used for data storage. “The data involved is contact information,” the spokesperson noted, though further details were not provided.

Match Group confirmed on Wednesday that it experienced a cybersecurity incident affecting a “limited amount of user data.” The company is currently in the process of notifying affected customers. A spokesperson assured that there was no evidence suggesting that user login credentials, financial information, or private communications were compromised.

CrunchBase also acknowledged that documents on its corporate network were affected but stated that the incident had been contained. While Match’s system was breached on January 16, Bloomberg News has not been able to ascertain the exact timing of the other incidents.

Cybersecurity experts have recently issued warnings about a social engineering campaign targeting U.S. companies, which has been linked to a group that identifies itself as ShinyHunters. This group has claimed responsibility for the attacks on Bumble, Panera Bread, Match, and CrunchBase, although Bloomberg has not independently verified these claims.

Mandiant, a cybersecurity firm owned by Alphabet Inc.’s Google, recently warned about the ShinyHunters campaign. They reported that the group employs innovative “vishing” techniques to compromise single sign-on credentials from victim organizations, allowing them to remotely access systems.

Once inside a computer system, the hackers often pivot to software-as-a-service environments to steal sensitive data. Charles Carmakal, chief technology officer at Mandiant, stated in a written statement that a hacker identifying as ShinyHunters has approached some victims demanding extortion payments.

None of the companies contacted by Bloomberg have commented on the extortion demands.

Photo: Photographer: Daniel Acker/Bloomberg

Copyright 2026 Bloomberg.