Muslim Match, a niche dating and matrimonial platform focused on Muslim relationship-seekers, suffered a data breach in approximately June 2016 that was likely enabled by SQL injection based on the format of the leaked data, which consisted of six SQL-format documents. The breach was disclosed publicly when the dataset was provided to Have I Been Pwned and was subsequently released in full by security researcher Thomas White (TheCthulhu) for public download. Muslim Match's administrator did not respond to multiple disclosure-related communications, and the company's listed phone numbers were disconnected. The platform took its website offline shortly after Motherboard's reporting in late June 2016, initially for 'maintenance' and then for a 'Ramadan break.' The breach was indexed by Have I Been Pwned on June 29, 2016.

The breach affected approximately 149,800 user accounts based on records indexed by Have I Been Pwned and approximately 790,000 private messages between users that were included in the leaked dataset. Compromised fields included email addresses, usernames, IP addresses, geographic locations, account statuses, religious-matching profile attributes (including convert status, employment, living and marital status, and polygamy consideration), private messages between users, chat logs, and passwords hashed with MD5. The MD5 password storage represents a deprecated cryptographic algorithm vulnerable to rapid brute-force cracking, particularly without salting, meaning the underlying password values are recoverable for many users. The platform did not use HTTPS, meaning login credentials and private messages were transmitted in plaintext between users and the platform during normal operation. Cross-referencing of the leaked SQL files allowed researchers to link specific private messages to specific usernames, IP addresses, and password hashes.

For affected users, the practical risk profile is exceptionally severe because of the combination of religiously sensitive content, private messaging exposure, and weak credential protection. The exposure of private messages including marriage proposals, religious discussions, and personal disclosures creates targeted harassment, family-relationship, and reputational consequences that vary across cultural and family contexts. Users who exchanged Skype handles or other contact information through Muslim Match private messages may face additional cross-platform tracking and identification risk. Inclusion in the dataset confirms participation in a Muslim matrimonial platform, which can carry significant cultural or family consequences depending on the user's circumstances. Affected users who receive extortion or harassment attempts should not pay ransom demands because payment does not stop further extortion. Users should change all reused passwords immediately, enable two-factor authentication where available, document any extortion communications, and report extortion attempts to local law enforcement. The eight-year gap since the original breach and the public availability of the full dataset means affected users should expect long-term exposure rather than a time-limited incident. Users with personal-safety concerns related to family or community context may benefit from contacting confidential support resources appropriate to their circumstances.

Religious or matrimonial platforms collect highly sensitive profile data, family details, photos, messages, and relationship-intent records tied to faith-linked matchmaking.

Muslim Match took its website temporarily offline for 'maintenance' and then for a 'Ramadan break' after Motherboard contacted the operator about the breach in June 2016. The platform's administrator did not respond to multiple emails and messages sent through the site, and all of the company's listed phone numbers were disconnected. The platform's operational status following the 2016 breach has been unclear, with the site appearing to have been substantially inactive. Security researcher Thomas White (TheCthulhu) released the full breach dataset publicly for download, increasing the long-term distribution and accessibility of the leaked data. The case has been widely cited in cybersecurity coverage as a leading example of operational neglect at a niche-dating platform handling exceptionally sensitive religious and personal data.