Zoosk 2020 Data Breach
ObscureIQ Breach Intelligence
Moderate SeverityWebsite / service breach
Zoosk Dating Platform Breach (2020): 23 Million User Profiles Including Sexual Orientation, Religion & Political Views Exposed
Online dating platform.
Verified by ObscureIQ Intelligence
54/100Breach Risk Index
40Data Value
10Market Recency
2089dSince Breach
Breach Intelligence Summary
Entity: Zoosk · Actor: Unknown · Sources: 3 references
Attack: Misconfiguration
Profile: Platform · Online dating and matchmaking · General dating platform · Global
Timeline: Breach (2020-01-01) · Indexed (Aug 07, 2020) · Year (2020)
Exposure: 23.9M records · 17 fields: Account Balance, Date of Birth, Display Name, Education Information, Email Address, Ethnicity or Race, Family Structure, Financial Profile, Full Name, Gender, Geographic Location, Lifestyle Habits, Physical & Lifestyle Profile, Political Views, Relationship Status, Religion, Sexual Orientation
Status: Reported
Executive Summary
Zoosk, an online dating platform with tens of millions of users across multiple countries, suffered a data breach in January 2020 that exposed approximately 23.9 million user records. The breach was subsequently distributed widely across online hacking communities. The attack vector was a misconfiguration, meaning the exposure was not the result of sophisticated intrusion but of a security oversight within Zoosk's own systems. The breach was later provided to the public breach notification service Have I Been Pwned by the site breachbase.pw. The data exposed goes well beyond basic account information. Affected users had the following types of information compromised: names, nicknames, email addresses, dates of birth, geographic locations, physical attributes including height and weight, income levels, account balances, education levels, and family structure. Critically, the breach also included sexual orientations, religions, political views, ethnicities, relationship statuses, and habits around smoking and drinking. The combination of these fields is what makes this breach particularly dangerous. None of these categories were disclosed in isolation. An outside party holding this dataset can link a person's identity to their sexual orientation, faith, or ethnicity without that person ever having disclosed those details publicly. This creates real risk of targeted discrimination, blackmail, or harassment, regardless of how discreetly the individual used the platform. Zoosk notified users and prompted credential resets following the breach. No major regulatory enforcement action or class action settlement specific to this incident has been prominently documented. People affected should treat their email address as exposed and be alert to phishing attempts, romance scams using their profile details, or impersonation. Anyone whose sexual orientation, religion, or ethnicity appeared in this dataset should be aware that this information may be in circulation in criminal communities and could be used to target them specifically.
ObscureIQ assessment: Exposure enables harassment, stalking, phishing, and identity linkage around dating behavior. Subscription and profile data can also support romance scams or impersonation.
Breach Impact
In January 2020 Zoosk suffered a breach exposing approximately 24 million user records including email addresses, nicknames, dates of birth, genders, sexual orientations, relationship statuses, family structure, education, ethnicity, religion, financial profile data, physical attributes, and account balances. The breadth of personal profile data — particularly sexual orientation, religion, and ethnicity combined on a dating platform — is what places this record in the restricted tier. Zoosk notified users and initiated credential resets. No major settlement or regulatory action specific to this breach has been prominently documented.
About Zoosk
Zoosk is an online dating platform operating across multiple countries, offering matching, messaging, and virtual gifting features to a predominantly adult user base. The company was founded in 2007 and has changed ownership multiple times, eventually being acquired by Spark Networks — the parent of Silversingles and other dating properties — in 2019. It operates as one of several platforms in the competitive general dating market.
Why They Hold Your Data
Dating platforms collect user identity, profile details, photos, messages, relationship preferences, subscription records, and engagement activity tied to matchmaking workflows.
Recent Developments
Zoosk has continued operating under Spark Networks, which has navigated a challenging environment for subscription dating platforms facing competition from app-based services. No major standalone Zoosk organizational changes have been prominently reported in the recent period.
Data Points Exposed
17 verified field types
Account Balance High
Date of Birth High
Display Name
Education Information
Email Address
Ethnicity or Race High
Family Structure
Financial Profile High
Full Name High
Gender
Geographic Location
Lifestyle Habits
Physical & Lifestyle Profile
Political Views High
Relationship Status
Religion High
Sexual Orientation High
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:Critical
Primary downstream threats:
- Financial fraud using exposed financial profile data
- Identity verification bypass using name + date of birth combination
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat vectors:
- High-value targeting
- Identity verification bypass
- Account tracking
- Cross-platform tracking
- Credential fraud & spear-phishing
- Phishing, credential stuffing & account takeover
- Discriminatory targeting & hate crime enablement
- Household targeting
- Loan fraud & targeted financial scams
- Name-based social engineering
- Profile enrichment
- Pattern-of-life analysis & physical surveillance
- Insurance discrimination & targeting
- Physical description for fraud & imposture
- Social engineering context
- Targeted harassment & discrimination
- Outing, blackmail & targeted violence
Recommended Actions
If you believe your information may be included:
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the Zoosk breach?▾
Zoosk, an online dating platform with tens of millions of users across multiple countries, suffered a data breach in January 2020 that exposed approximately 23.9 million user records. The breach was subsequently distributed widely across online hacking communities. The attack vector was a…
What data was exposed?▾
Verified fields include Account Balance, Date of Birth, Display Name, Education Information, Email Address, Ethnicity or Race, Family Structure, Financial Profile, Full Name, Gender, Geographic Location, Lifestyle Habits, Physical & Lifestyle Profile, Political Views, Relationship Status, Religion, Sexual Orientation.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
Breach Index
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation