Lovora Breach: 496K Accounts Exposed

Overview

In February 2026, the couples and relationship app Lovora suffered a data breach that exposed 495,556 unique email addresses. The compromised data also included users’ display names, profile photos, and other personal information collected through the app. The breach was reported to Have I Been Pwned, allowing users to check if their accounts are affected. The app’s maker, Plantake, has not yet publicly confirmed the breach or disclosed how the data was compromised.

While email addresses and names are not as sensitive as passwords or financial data, their exposure in a relationship-focused app carries specific risks. The context of the app-storing intimate relationship data-could make victims targets for extortion or phishing attacks.

What Was Exposed

The breach primarily exposed:

• Email addresses (495,556 unique emails) – Can be used for spam, phishing, or credential-stuffing attempts.
• Display names – Could reveal real names or usernames used across platforms.
• Profile photos – May be used for social engineering, especially given the app’s romantic context.
• Other personal information – Not fully specified, but could include relationship status, preferences, or private messages.

The exposure of profile photos and relationship data elevates the risk beyond a typical credential dump. Attackers could harvest this data to build detailed dossiers on victims, potentially for blackmail or targeted harassment.

What to Do Right Now

1. Check if you’re affected – Visit Have I Been Pwned and enter your email address. If your account appears in the breach, proceed with the steps below.

2. Watch for targeted phishing – Attackers may send emails referencing your Lovora profile, pretending to be from Plantake or offering relationship advice. Do not click links in suspicious emails, and always verify before entering login credentials.

3. Review account activity – Log into your Lovora account and check for unauthorized changes to your profile, messages, or account settings. Change your password if you still use the same one.

4. Enable two-factor authentication (2FA) – If Lovora offers 2FA, activate it. This adds a layer of protection even if your email is exposed.

5. Be cautious on social media – Attackers might use your Lovora display name or profile photo to impersonate you, especially on dating or relationship platforms. Consider setting your social profiles to private temporarily.

How to Check If You’re Affected

Affected Lovora users can verify their exposure through Have I Been Pwned (HIBP), a free data breach notification service. Visit haveibeenpwned.com and enter the email address you used with Lovora. If the email is found in the breach, HIBP will display a warning and offer guidance. This is the safest way to check without entering your data into unverified third-party sites.

For broader security context, follow our cybersecurity news coverage to stay informed about similar breaches.

Security Insight

This breach reveals a concerning lack of transparency from Plantake. Rather than notifying users directly, victims discovered the incident only after the data appeared on Have I Been Pwned. In an app where users share intimate relationship details, the absence of a proactive disclosure suggests a broader weakness in security governance. Compared to similar breaches in the dating and relationship app space, such as the Adult Friend Finder leaks or Ashley Madison compromise, Lovora’s breach underscores a recurring pattern: apps that collect sensitive personal data often lack the incident response protocols needed to protect user trust.

Further Reading

• All Medium Breaches
• Recent Data Breaches