LovePlanet, a Russian online dating platform serving users in Russia, Ukraine, and Belarus, suffered a data breach in approximately January 2015 when attackers exploited security flaws in LovePlanet's systems and exfiltrated a database containing personal information and credentials for approximately 20.1 million users. The breach has been attributed to the GnosticPlayers hacker group, which was responsible for a series of high-profile breaches at dating, consumer, and social platforms during the 2014 to 2019 period. The breach data was originally distributed on RaidForums, the dark-web breach-trading forum that was subsequently seized by law enforcement, before broader redistribution. DataBreach.com indexed the breach on February 3-4, 2025, approximately ten years after the original incident.

The breach affected approximately 20,077,733 unique user accounts based on records indexed by breach-tracking services. Compromised fields included usernames, email addresses, and passwords stored in plaintext. The plaintext password storage represents a critical security failure that exposes the original credential values directly, with no cryptographic protection of any kind. The breach was originally posted under the description 'loveplanet.ru 20m users plaintext' on RaidForums.

For affected users, the practical risk profile combines credential-reuse exposure with niche dating-platform-specific reputational risk in Russian and CIS markets. The plaintext password exposure means that any account where the user reused the LovePlanet password is fully compromised, with credential-stuffing risks expected on email, social media, financial, and other accounts where Russian and CIS users may have used the same password. The combination of email address, username, and confirmed dating-platform membership supports targeted phishing referencing the platform or related services. Inclusion in the dataset confirms a dating-platform relationship that may carry reputational consequences depending on the user's circumstances. Affected users who receive extortion attempts should not pay ransom demands because payment does not stop further extortion. Users should change all reused passwords immediately, enable two-factor authentication where available, document any extortion communications, and report extortion attempts to law enforcement. The ten-year gap between the original breach and the recent redistribution means that affected users should expect long-term exposure rather than a time-limited incident, with the dataset likely to remain in circulation indefinitely.

Dating platforms collect profile data, photos, messages, social activity, and subscription records tied to online matchmaking and relationship discovery.

The LovePlanet breach was publicly indexed by DataBreach.com on February 3-4, 2025, approximately ten years after the original 2015 incident, as part of the broader 2024 to 2025 wave of historical dating-platform breach redistribution and indexing. The breach has been attributed by DataBreach.com and other breach-tracking publications to the GnosticPlayers hacker group, which was responsible for a series of dating-platform and consumer-platform breaches during the 2014 to 2019 period. LovePlanet itself does not appear to have publicly acknowledged the breach, and the platform reportedly continues to operate. The breach was originally distributed on RaidForums (now defunct following law enforcement seizure) before broader redistribution.