Data from dating website stolen and sold

28. April 2016

As BBC just reported the data of more than a million members of the dating website www.beauftifulpeole.com has been sold online. The traded data not only included the weight, height, job, and phone numbers of members but further more income, sexual preferences, smoking and drinking habits and relationship status. The firm stated that the data belonged to members, who joined before July 2015 and that no passwords or financial information were included.

The data has now been sold on the online black market, said security expert Troy Hunt, an Australian security expert, who runs the website HaveIBeenPwned.com, where people can verify whether their data has been leaked. Although he does not know exactly where or for how much money the data was sold, he stated that by selling data tens of thousands of dollars can be earned, bearing in mind that the data originally can cost as little as $300.

Chris Vickery, security researcher, told the BBC that the affected company acted quickly after notifying them that he had discovered it. However, the data had then already been sold. He went on by saying that “they published it openly to the world with no protection whatsoever”. This is a contradiction to the company’s statement that the content was from a test server. Therefore, Vickery added that “whether or not it’s in the test database makes no difference if it’s real data”. His analysis is further supported as a second researcher had identified the same weakness on the same day.

However in a statement BeautifulPeople said that “the breach involves data that was provided by members prior to mid-July 2015. No more recent user data or any data relating to users who joined from mid-July 2015 onward is affected”.

David Emm, principal security researcher at Kaspersky Lab commented on the stolen and sold data by summarizing “now it’s public, cybercriminals have the opportunity to use this information to steal personal identities or more” and added “unfortunately, once a breach of this nature has been made, there is not much that can be done.”

Emm went by giving the advise that “organisations need to take action and use more data, analytical insights and triangulation of multiple-identity proofing techniques to minimise the potential effects of identity theft for both the user and the businesses serving them”.

 

Category: USA
Tags: