Over one million users details stored by dating siteare now accessible online, following a hack at the end of last year.
While the intrusion itself isn’t news – it’s been known about since November 2015 – this is the first confirmation from a security researcher that the details obtained were indeed legitimate in many cases. The dating site previously said that it had taken place on a test server and that it “was a staging server and not part of our production database.”
According to Troy Hunt, a security researcher who runs HaveIBeenPwned (a site dedicated to letting people see if they’re details are available online), the data has now been sold online, though he doesn’t know who to or for how much, Forbes says. Hunt cited someone familiar with “data trading circles” as the source of the information.
Included in the trove are email addresses and sensitive information like phone numbers, but also more ‘innocuous’ sounding items like body type, hair colour, weight, job and, well, anything you’re likely to find in a dating profile. All info that should be pretty handy if trying to social engineer people into clicking onto malicious links in the future, so, no using your favorite TV show as your password anymore, OK.
Hunt noted that among the 1.1 million users details, there are 170 government (.Gov) email addresses. Honestly, when will people learn to stop signing up to dating services using a government email address?
I imagine that it’s about this point where the 1.8 million people who were apparently turned away from the site for being too ugly are pretty happy about that decision.
We’ve contactedbut hadn’t received a response at the time of writing.