January’s biggest data breaches exposed

January 2026 started with two major cybersecurity concerns that quickly gained attention across the security community. One involved a large-scale data breach affecting Match Group, while the other centered on a critical vulnerability discovered in the SmarterMail email platform.
On January 28, the threat actor group known as ShinyHunters claimed responsibility for a breach involving Match Group services, including Hinge, Match.com, and OkCupid. According to reports, the attackers gained access through a third-party mobile analytics provider and obtained millions of user records. The exposed information reportedly included user IDs, profile details, IP addresses, phone numbers, payment-related data, geolocation information, authentication tokens, and internal company documents. Although the attackers initially claimed to have stolen more than 10 million records, later analysis suggested that around 2 million records were actually exposed. Even so, the incident raised serious concerns about third-party vendor security and the growing use of voice phishing attacks to compromise identity management systems.
At the same time, security agencies warned organizations about CVE-2025-52691, a critical vulnerability affecting SmarterMail. The flaw allows attackers to upload malicious files without authentication, potentially leading to full remote code execution on vulnerable servers. Since no credentials are required, the vulnerability presents a significant risk to organizations using affected versions of the platform. Successful exploitation could enable attackers to gain persistent access, steal emails, deploy malware, and move laterally across networks.
These incidents highlight two of the biggest cybersecurity challenges organizations continue to face: credential-based attacks and unpatched software vulnerabilities. Security teams should prioritize timely patch management, strengthen access controls, monitor logs for suspicious activity, and enhance threat detection capabilities to reduce their exposure to evolving cyber threats.