Coffee Meets Bagel Hacked — Why The App Went Offline & What’s Next

The Coffee Meets Bagel app restored service on Sept. 3 after being hacked, but user data and security is in question, investigation is ongoing.
digital illustration of a happy couple on a date at an outdoor cafe in the evening with the coffee meets bagel dating app logo in white at the center between them

Coffee Meets Bagel, a popular dating app boasting “over 150 million matches and counting,” is back online as of Sept. 3 after being hacked by an “outside actor who maliciously deleted company data and files,” resulting in the service being down for nearly a week beginning on Aug. 27, 2023.

An update shared by the company explained that it “quickly re-established a secure environment for our technology team to restore our production services and notified law enforcement about this incident,” with its team working around the clock to repair the damage.

What We Know About The Outage:

  • Coffee Meets Bagel (CMB) went down on Aug. 27, 2023, remaining inaccessible to its users until service was restored at 4:46 pm PDT on Sept. 3.
  • Updates had been posted almost daily throughout the outage with no word about its cause until the day the app was back online. The company explained that the outage was caused by a hacker and that law enforcement had been notified.
  • Many users noted a decrease in app responsiveness for weeks prior to the service going offline, although we have not confirmed any direct connection to the hacking, which took the app offline completely.
  • Some CMB users on Reddit noted sporadic app access (briefly) heading into the start of the Labor Day weekend before service was fully restored by the end of it.

*Editor’s Note: This article is being continuously updated as we learn more about what happened at Coffee Meets Bagel.

Founded by sisters Dawoon, Soo, and Arum Kang, Coffee Meets Bagel is a dating app designed to foster meaningful connections between lonely single people.

The company claims that 91% of its daters “are looking for a serious relationship” and the Coffee Meets Bagel app offers “less swiping, and more matching, chatting, and *actual* dating.”

Despite being hacked, the Coffee Meets Bagel app is now online and by all accounts, fully functioning.

We have reached out to the company’s founders and industry insiders to find out more about what happened, if user data was compromised and if so, what is being done; however, they have not responded to our requests.

Editor’s note: We are continually investigating this developing situation and speaking with more sources. If you have any additional information or have experienced problems with the Coffee Meets Bagel app in recent weeks, please contact [email protected]. Any provided insight will be taken on background only (without direct quotes or identifying information) unless you explicitly specify that you wish to go on record.

Why The Coffee Meets Bagel App Went Offline

screenshot image of a purple heart with a magnifying glass over it with text below reading "no one to discover yet"

In a lengthy update released on Sept. 3, Coffee Meets Bagel explained that the service outage was the result of a hacker:

“We determined that the outage was the result of an outside actor who maliciously deleted company data and files. We quickly re-established a secure environment for our technology team to restore our production services and notified law enforcement about this incident.  

We restored access to our site on Sunday, September 3, after our team spent days working around the clock to rebuild our system from offline backups so that daters could securely get back online.” 

CMB assured its dedication to maintaining the security of its user base going forward, saying that it has “launched a thorough investigation, which is still ongoing, to understand the full scope of the incident and are working to further enhance company cybersecurity.”

We spoke with Josh Amishav, founder and CEO of Breachsense, a service that enables companies to take a proactive approach when customer data has been compromised.

“An app outage due to hacking can be extremely challenging to recover from, both technically and from a business standpoint,” he explained.

“The time to recover really depends on the complexity of the attack, how well-prepared the victim was, and the resources available to help the company recovery,” he said.

Amishav continued:

“Internally, the security team needs to conduct an incident response investigation by thoroughly reviewing the logs, various system statuses, and any altered data to understand the extent and nature of the breach.

Security teams that don’t have the in-house capabilities should hire external help that specialize in this.”

He noted that depending on the nature of the attack and the data that was leaked, law enforcement should be notified and typically needs access to the same forensics data.

“Recovery may be as simple as updating an account password, but can also be as severe as identity theft or financial fraud,” Amishav explained. “The nature of the compromised data normally dictates the level of concern and the subsequent steps needed for damage control.”

Brad Jones, the technical founder and CTO of Meet Kinksters, shared his thoughts about the ramifications of a lengthy app outage such as the one Coffee Meets Bagel faced:

“Communication with users early and often is central to maintaining trust,” he explained.

“Consumers can be fickle and will form lasting impressions of a service if their experience is sub-par,” Jones said. “If there is an extended outage, it’s critical for sites to be proactive, instead of reactive, in explaining what happened, what comes next, and providing transparency on data security.”

“There are laws in many states and countries requiring users be notified if data was accessed by unauthorized parties,” Jones explained. “Concerned users have a right to know if their data has been compromised, and to what extent.”

We have reached out to backend engineers at Coffee Meets Bagel to learn more about the outage and the company’s next steps and will update this story as information becomes available.

Amishav explained that the long-term effects of an app outage due to hacking can be significant.

“New and existing customers may hesitate to use the service, and regulatory bodies could impose fines or sanctions on the company,” he said, noting that a proactive stance to prevent attacks is far less costly compared to cleaning up the mess after the fact.

When Did Coffee Meets Bagel Get Back Online?

screenshot of a purple circle icon in a go-button style with text beneath that reads: looking for someone?

After going dark on Aug. 27, 2023, the Coffee Meets Bagel dating app restored service to its entire user base on Sept. 3.

Some users briefly noted sporadic and limited app connectivity beginning on Sept. 1 as repairs took place.

As of Sept. 3, all Coffee Meets Bagel app users should have full access to their accounts.

Should You Be Worried About The Coffee Meets Bagel Outage?

If you’re a regular user of the Coffee Meets Bagel app, you might be concerned about the status of your account and any connections you’re potentially missing with others.

The company had offered information regarding user accounts throughout the outage and is doing its best to set things right in the aftermath.

  • Is Your Data Safe?

The safety of user data at Coffee Meets Bagel remains in question until the company completes its investigation.

The outage itself was caused by a hacker, although limited information regarding the depth of what happened has been provided because the situation remains under investigation — both internally, and with law enforcement.

  • What Comes Next Now That Service Is Restored?

As an extra precaution, all users were logged out of the CMB app and will need to log in the first time they access it again.

The company noted that users should log into their accounts “using the original method you used to sign up for the app. If the app prompts you to create a new account, you likely have tried to sign in using a different method.”

Users who cannot recall how they signed up or who have changed their phone numbers since doing so should contact CMB’s customer support team directly for assistance.

Coffee Meets Bagel apologized for the service disruption and hopes “to make it up to new and existing CMB Daters alike.”

“In addition to restoring your experience,” they said, “we’ve added 1,000 beans [in-app currency] to any accounts that were active 14 days prior to the outage to make up for lost time.” 

Additionally, all active chats have been extended by 7 days and all subscribers will receive a 14-day extension for free.

  • Will The Outage Affect Paid Subscriptions Or Boosts?

Subscriptions have been extended by 14 days (twice the amount of time the app was offline) and profiles that were boosted between Aug. 20 and Aug. 27 will have an additional Boost added to their wallet.

CMB noted that Boost is currently under maintenance so the credit may not appear right away.

  • Were Potential Dating Matches Missed — Or Ignored

The company assured its members that the outage affected ALL users across the board, so your potential matches will not think you ignored them, or vice versa.

Potential matches were also not sent during the outage so they weren’t missed — and they have resumed now that the service is in working order.

  • Did Current Chats Expire During The Outage?

Coffee Meets Bagel said that it extended all active chats by 7 days so they should not be expired. If you encounter issues, contact CMB’s customer support team.

Closing Thoughts

Although the Coffee Meets Bagel app was offline for nearly a week after being hacked, the company worked tirelessly to restore service to its members and it is back online as of Sept. 3, 2023.

“We do not take your trust in us lightly and we plan to update you as soon as we’ve pieced everything together,” they explained, referring to its ongoing investigation.

How all of this will affect the business going forward, however, remains to be seen.

We will update this article with new information about the outage at Coffee Meets Bagel as we receive it.