Lovora Breach: 496K Accounts Exposed

Overview

In February 2026, the couples and relationship app Lovora, operated by the company Plantake, allegedly suffered a significant data breach. Reports indicate that approximately 495,556 user accounts were compromised. The breach exposed personal information submitted by users to the platform. As of this advisory, Plantake has not publicly acknowledged the incident or responded to inquiries, leaving users without direct guidance from the company. This breach has been verified and included in the Have I Been Pwned database.

What Was Exposed

The breach exposed several types of personal data. The confirmed categories include:

• Email Addresses: The primary contact point for every affected account.
• Names: Specifically, the display names chosen by users for their profiles.
• Profile Photos: Images uploaded by users to represent themselves on the app.

The original report also notes that “other personal information collected through use of the app” may have been accessed, though the specific details of this additional data have not been fully disclosed.

Potential Impact

While financial data like passwords or payment details do not appear to have been exposed, the stolen information still poses meaningful risks. The combination of an email address, a personal name, and a profile photo is a powerful toolkit for targeted phishing attacks, also known as spear-phishing. Criminals can use these details to craft highly convincing fake emails or messages that appear to come from Lovora, other trusted services, or even acquaintances. These messages often aim to trick you into revealing passwords, financial information, or downloading malware.

Furthermore, the exposure of data from a relationship app could be used for extortion, blackmail, or targeted harassment, especially if the app’s usage was intended to be private. Even without a password, your exposed email address will likely receive increased spam and scam attempts.

Recommendations

If you have ever used the Lovora app, you should take the following steps to protect yourself:

1. Be Extremely Wary of Phishing: Treat all emails or messages related to Lovora, relationships, or your personal life with heightened suspicion. Do not click on links or open attachments from unexpected or unverified senders. Remember, legitimate companies will not ask for your password via email.
2. Change Your Lovora Password: If you still use the app, immediately change your password to a new, strong, and unique one. Do not reuse this password on any other website or service.
3. Enable Multi-Factor Authentication (MFA): If Lovora offers multi-factor authentication (sometimes called two-step verification), enable it immediately. This adds a critical layer of security beyond just a password.
4. Consider Your Email Security: Since your email address is now in the hands of criminals, ensure the password for your email account is also strong and unique. Enabling MFA on your email account is one of the most important security steps you can take.
5. Monitor for Fraud: Be vigilant for any signs of identity fraud or unusual activity on your other online accounts, especially those that might use the same email address.

How to Check If You’re Affected

You can confirm if your data was involved in this breach by visiting the Have I Been Pwned website. This free service, run by security expert Troy Hunt, allows you to search for your email address across thousands of known data breaches.

• Go to: https://haveibeenpwned.com/
• Enter your primary email address (the one you used for Lovora) into the search bar.
• If your information was compromised in the Lovora breach, it will be listed among the results. The site also provides general guidance on what to do next.