Less than a year after the Ashley Madison debacle, another dating site has been subject to a hack with the personal details of 1.1 million users leaked on the internet.
The data from elite dating website BeautifulPeople.com includes private information such as sexual orientation, relationship status, income and address, as well as 15 million private messages sent between users. Other information being sold online includes weight, height, job, education, body type, eye and hair colour, email address and mobile phone number.
The stolen databasealso contained users' passwords, although this information was encrypted.
According toForbes, the leak was first revealed to the website in December 2015 by a security researcher Chris Vickery. At this point, BeautifulPeople.com said the information was from a test server and the security hole was quickly closed. However, it has now come to light that the information stolen was the personal information of the site's real users.
One person who obtained the database is Troy Hunt, an Australian security expert who runs leak website HaveIBeenPwned.com. He told Forbes he couldn't predict how much this data was being sold for or how it was being used. However, he was able to verify with BeautifulPeople.com that the user data was real personal details and they could be used to attempt to reset passwords, for example.
"We're looking at in excess of 100 individual data attributes per person," Hunt told Forbes. "Everything you'd expect from a site of this nature is in there."
A statement by BeautifulPeople.com said: "We can confirm we were notified of a breach on December 24th of 2015 of one of our MongoDB test servers. This was a staging server and not part of our production data base. The staging server was immediately shut down."
The company said it had told its users about the breach and confirmed passwords were encrypted and financial details were not included in the information originally leaked.
-
Asus ZenScreen Fold OLED MQ17QH reviewReviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
-
Pearson fined $1 million for downplaying severity of 2018 breachNews The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
