Color Dating, a mobile dating application focused on interracial matchmaking, suffered a data breach in September 2018 that exposed user profile data for approximately 221,707 user accounts. The original compromise vector and specific vulnerability have not been publicly detailed by Color Dating. The breach data was redistributed as part of a larger corpus of breach data circulating among breach-trading communities and was publicly indexed by DataBreach.com and Have I Been Pwned on March 3-4, 2025, approximately six and a half years after the original incident.

The breach affected approximately 221,707 user accounts based on records indexed by breach-tracking services. Compromised fields included email addresses, full names, dates of birth, user biographical information, profile photographs, geographic location data, and passwords stored as bcrypt hashes. The bcrypt password storage represents modern cryptographic practice and provides meaningful resistance to brute-force cracking, though weak or commonly used passwords may still be recoverable with sustained computational effort. The combination of profile photographs with precise geographic location data, dates of birth, and dating-platform context creates an unusually sensitive identification risk because affected users can be visually and contextually identified across multiple data points.

For affected users, the practical risk profile combines credential-reuse exposure with niche-dating-platform-specific reputational risk. The combination of name, date of birth, email address, and bcrypt-hashed password supports both credential-stuffing attacks against other accounts and synthetic-identity-fraud risk where the password values are eventually recovered. More distinctively, inclusion in the Color Dating dataset confirms a dating-platform relationship explicitly framed around interracial dating, which can support targeted harassment, doxxing, or extortion campaigns referencing race and dating behavior. The exposure of profile photographs combined with geographic location data creates physical-identification risk because users can be visually matched to specific cities or regions. Affected users who receive extortion attempts should not pay ransom demands because payment does not stop further extortion. Users should change any reused passwords on other accounts, enable two-factor authentication where available, document any extortion communications, and report extortion attempts to law enforcement. Users with concerns about the disclosure timing should be aware that the original breach occurred in September 2018 and the data has been in circulation among threat actors for over six years, meaning passwords from that era should be treated as compromised across all uses.

Niche dating platforms collect highly sensitive profile data, photos, messages, relationship preferences, subscription records, and identity attributes tied to interracial matchmaking.

The Color Dating breach surfaced publicly on March 3-4, 2025 when the data was indexed by DataBreach.com and Have I Been Pwned approximately six and a half years after the original September 2018 incident. Color Dating itself has not publicly detailed the original incident, the specific vulnerability that enabled the compromise, or post-incident security measures. The breach is one of multiple niche-dating-app breaches that surfaced during the 2024 to 2025 redistribution wave when historical breach datasets were repackaged and distributed by breach-trading communities. The case has been cited in dating-app cybersecurity commentary as illustrating the long-tail exposure risk for users of niche dating platforms whose membership alone reveals sensitive personal preferences.