Color Dating 2018 Data Breach

Color Dating Interracial Dating App Breach (2018): 222K User Profiles Including Photos, Location & Passwords Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

MisconfigurationDatingDate of BirthEmail AddressFull NameGeographic LocationPasswordProfile BioProfile Photo
Moderate SeverityWebsite / service breach

Color Dating Interracial Dating App Breach (2018): 222K User Profiles Including Photos, Location & Passwords Exposed

Interracial dating app designed for diverse matchmaking and social discovery.

Verified by ObscureIQ Intelligence
56/100Breach Risk Index
25Data Value
25Market Recency
419dSince Breach

Breach Intelligence Summary

Entity: Color Dating · Actor: Unknown · Sources: 3 references
Attack: Misconfiguration
Profile: Platform · Niche dating and matchmaking · Interracial dating platform · Global
Timeline: Breach (2018-09-05) · Indexed (Mar 04, 2025) · Year (2018)
Exposure: 222K records · 7 fields: Date of Birth, Email Address, Full Name, Geographic Location, Password, Profile Bio, Profile Photo
Status: Confirmed

Executive Summary

Color Dating, a mobile dating application focused on interracial matchmaking, suffered a data breach in September 2018 that exposed user profile data for approximately 221,707 user accounts. The original compromise vector and specific vulnerability have not been publicly detailed by Color Dating. The breach data was redistributed as part of a larger corpus of breach data circulating among breach-trading communities and was publicly indexed by DataBreach.com and Have I Been Pwned on March 3-4, 2025, approximately six and a half years after the original incident. The breach affected approximately 221,707 user accounts based on records indexed by breach-tracking services. Compromised fields included email addresses, full names, dates of birth, user biographical information, profile photographs, geographic location data, and passwords stored as bcrypt hashes. The bcrypt password storage represents modern cryptographic practice and provides meaningful resistance to brute-force cracking, though weak or commonly used passwords may still be recoverable with sustained computational effort. The combination of profile photographs with precise geographic location data, dates of birth, and dating-platform context creates an unusually sensitive identification risk because affected users can be visually and contextually identified across multiple data points. For affected users, the practical risk profile combines credential-reuse exposure with niche-dating-platform-specific reputational risk. The combination of name, date of birth, email address, and bcrypt-hashed password supports both credential-stuffing attacks against other accounts and synthetic-identity-fraud risk where the password values are eventually recovered. More distinctively, inclusion in the Color Dating dataset confirms a dating-platform relationship explicitly framed around interracial dating, which can support targeted harassment, doxxing, or extortion campaigns referencing race and dating behavior. The exposure of profile photographs combined with geographic location data creates physical-identification risk because users can be visually matched to specific cities or regions. Affected users who receive extortion attempts should not pay ransom demands because payment does not stop further extortion. Users should change any reused passwords on other accounts, enable two-factor authentication where available, document any extortion communications, and report extortion attempts to law enforcement. Users with concerns about the disclosure timing should be aware that the original breach occurred in September 2018 and the data has been in circulation among threat actors for over six years, meaning passwords from that era should be treated as compromised across all uses.

ObscureIQ assessment: High sensitivity. Exposure enables harassment, stalking, extortion, and identity linkage around race, dating behavior, and intimate preferences.

Breach Impact

The institutional impact on Color Dating has been limited because of the late public disclosure, the relatively small scale of the affected user base, and the platform's apparent absence from active operation. No formal regulatory action has been documented, and civil litigation has been minimal because the underlying incident occurred in 2018, placing many class-action timelines outside applicable statutes of limitation. The reputational impact concentrated on the broader niche-dating-platform sector rather than Color Dating specifically. The case has been cited in security commentary alongside other 2024 to 2025 dating-platform breach disclosures as illustrating the persistent risk of dataset redistribution years after the original compromise.

About Color Dating

Color Dating, also branded as ColorDate (colordate.app), was a niche dating mobile application designed to facilitate matchmaking between users of different ethnic and racial backgrounds, marketed primarily to users seeking interracial dating relationships. The platform operated as an account-based mobile dating service with user profiles including biographical information, profile photographs, dates of birth, geographic location data, and personal-preference settings tied to interracial matchmaking. As a niche dating platform with explicit ethnicity-related framing, Color Dating maintained substantially more sensitive demographic and identity data than mainstream dating platforms because platform membership inherently signals user attitudes about race and dating preferences.

Why They Hold Your Data

Niche dating platforms collect highly sensitive profile data, photos, messages, relationship preferences, subscription records, and identity attributes tied to interracial matchmaking.

Recent Developments

The Color Dating breach surfaced publicly on March 3-4, 2025 when the data was indexed by DataBreach.com and Have I Been Pwned approximately six and a half years after the original September 2018 incident. Color Dating itself has not publicly detailed the original incident, the specific vulnerability that enabled the compromise, or post-incident security measures. The breach is one of multiple niche-dating-app breaches that surfaced during the 2024 to 2025 redistribution wave when historical breach datasets were repackaged and distributed by breach-trading communities. The case has been cited in dating-app cybersecurity commentary as illustrating the long-tail exposure risk for users of niche dating platforms whose membership alone reveals sensitive personal preferences.

Data Points Exposed

7 verified field types
Date of Birth High
Email Address
Full Name High
Geographic Location
Password Critical
Profile Bio
Profile Photo

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • Identity verification bypass using name + date of birth combination
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Identity verification bypass
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Pattern-of-life analysis & physical surveillance
  • Credential stuffing & account takeover
  • Social engineering context
  • Deepfake & identity document fraud

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Password manager guide
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Color Dating breach?

Color Dating, a mobile dating application focused on interracial matchmaking, suffered a data breach in September 2018 that exposed user profile data for approximately 221,707 user accounts. The original compromise vector and specific vulnerability have not been publicly detailed by Color Dating.…

What data was exposed?

Verified fields include Date of Birth, Email Address, Full Name, Geographic Location, Password, Profile Bio, Profile Photo.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
Breach Index
Have I Been Pwned
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation