A threat actor is claiming to be selling a database allegedly containing more than 15 million Grindr user records, raising concerns about the potential exposure of highly sensitive personal information tied to one of the world’s largest LGBTQ+ dating platforms.
The listing appeared on a cybercrime forum on June 1, 2026, where the seller advertised an alleged database containing user registration details, account information, and profile data. The actor is offering the purported dataset for cryptocurrency and published sample records to support the claim.
Grindr is a location based social networking and dating platform primarily used by LGBTQ+ communities, making any alleged exposure of user information particularly sensitive due to privacy and safety concerns.
Sample data reviewed by BreachNews
BreachNews reviewed sample records published alongside the listing. The sample appears to contain detailed user account and profile information rather than a simple contact database.
Fields visible in the sample include user IDs, email addresses, usernames, display names, names, password hashes, OAuth identifiers, hashed phone numbers, sexual orientation, dates of birth, city and country information, latitude and longitude coordinates, profile preferences, HIV status disclosures, profile biographies, account status information, subscription tiers, device details, IP addresses, timestamps, and activity metrics.
Several sample records contain activity timestamps extending into late May and June 2026. The records reviewed by BreachNews include accounts authenticated through third party providers such as Google and Apple, as well as accounts containing bcrypt password hashes.
The sample also appears to contain information related to account verification status, premium subscriptions, user activity history, device types, profile completion metrics, and geolocation data.
While the sample data appears highly structured and internally consistent, the presence of sample records alone does not establish that the information originated from Grindr systems, nor does it confirm the seller possesses the full volume of records claimed in the listing.
Questions remain about authenticity and scope
Several aspects of the listing warrant caution.
The seller claims the database contains more than 15 million records but is offering access for approximately $400, a relatively low asking price for a purported dataset of that size and sensitivity.
At this stage it remains unclear whether the sample represents data obtained directly from Grindr systems, information gathered through compromised user accounts, data originating from a third party provider, previously exposed records, or another source entirely.
The claim follows a recent wave of alleged dating platform database listings appearing on cybercrime forums. BreachNews recently reported that an alleged OnlyFans mega leak appears tied to older breach data, and subsequently updated that report with details of a separate unverified claim involving an alleged Bumble dataset containing more than 32 million records.
Potential privacy risks if authentic
If authentic, the alleged dataset could present significant privacy risks due to the nature of the platform and the types of information reportedly included.
The sample reviewed by BreachNews contains information that extends beyond basic contact details, including profile attributes, location data, relationship preferences, and other personal information that users may reasonably expect to remain private.
The presence of bcrypt password hashes could also create additional risks. While bcrypt is designed to resist password cracking attempts, threat actors may still attempt offline attacks against weak or reused passwords and leverage recovered credentials in credential stuffing campaigns against other services.
The alleged inclusion of geolocation information, profile data, and account activity details could further increase risks associated with phishing, impersonation, harassment, extortion attempts, and other forms of abuse.
Verification remains ongoing
BreachNews has not independently verified that the data originated from Grindr or that the seller possesses the quantity of records claimed in the listing.
Grindr had not issued any public statement regarding the alleged database sale at time of publication.
BreachNews will continue monitoring for company responses, regulatory disclosures, or additional evidence that may help determine whether the alleged dataset is authentic.
