[Nextgrid]

Increased volume of password resets would indeed suggest an attack, though it can also be explained by benign reasons (redesign of the app, marketing campaign prompting previous users to log back in, news exposure, the pandemic increasing loneliness and making more people use dating apps, etc).

However the biggest risk here is that small, targeted attacks distributed over time (where a single attacker only targets a handful of accounts) wouldn't stand out in the overall statistics.

In case of this incident, small-scale attacks (where a single person targets a single account of someone they don't like) are actually more likely which is why them saying they do not believe this was exploited while being completely unable to detect these attacks is so misleading and lures people into a false sense of security.