SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
27 Apr 2016

BeautifulPeople.com leaks very private data of 1.1 million daters

Sexual preference. Relationship status. Income. Address. These are just some details applicants for the controversial dating site BeautifulPeople.com are asked to supply before their physical appeal is judged by the existing user base, who vote on who is allowed in to the “elite” club based on looks alone.

All of this, of course, is supposed to remain confidential. But much of that supposedly-private information is now public, thanks to the leak of a database containing sensitive data of 1.1 million BeautifulPeople.com users.

The leak, according to one researcher, also included 15 million private messages between users. Another said the data is now being sold by traders lurking in the murky corners of the web. News of the breach was first passed on in December 2015 by researcher Chris Vickery. At the time, BeautifulPeople.com said the compromised data came from a test server, which was quickly locked up. It did not appear to be a serious incident. But the information – which now appears to be real user data despite being hosted on a non-production server – was taken by one or more less-than-scrupulous individuals before the lockdown, making it out into the dirty world of data trading this year.

That’s according to Troy Hunt, an Australian security expert who runs the website HaveIBeenPwned.com, where people can check if their own information has been leaked in some of the biggest breaches in recent memory, from Adobe to Ashley Madison. The data has been traded online, Hunt said, though he doesn’t know where or for how much (such troves can fetch tens of thousands of dollars, though they can cost as little as $300, as seen in a recent sale of 4 million Naughty America accounts). The contact who handed Hunt the data operated in “data trading circles”, he said. They declined to be interviewed for this article.

Hunt verified the Beautiful People breach with users of his site and carried out further checks alongside those done. For instance, it was possible to try to reset passwords using leaked login details; the site rejected attempts to do so when email addresses were not in use, making it possible to check if someone was signed up. A handful of nearly 2000 email addresses obtained by experts didn’t appear to be linked to an account on the site, but most were.
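The reset behaviour described above, shown next to a form that answers every address the same way, as an added example that is not from the original article. The handler names, response messages and sample address are assumptions made for illustration.

```python
import secrets

# Constructed sample data: one registered address and a stand-in mail queue.
ACCOUNTS = {"alice@example.com"}
OUTBOX = []

def _queue_reset_mail(email):
    # Queue the mail instead of sending inline, so response time does not
    # depend on whether the address exists.
    OUTBOX.append((email, secrets.token_urlsafe(32)))

def reset_revealing(email):
    """Behaviour the article describes: unknown addresses are rejected."""
    email = email.strip().lower()
    if email not in ACCOUNTS:
        return 404, "No account is registered with that email address."
    _queue_reset_mail(email)
    return 200, "A reset link has been sent."

def reset_uniform(email):
    """Same status and body for every address; only the mailbox owner learns more."""
    email = email.strip().lower()
    if email in ACCOUNTS:
        _queue_reset_mail(email)
    return 200, "If that address has an account, a reset link is on its way."

def reveals_membership(handler, registered, unregistered):
    """Regression check for a test suite: True if the two replies differ."""
    return handler(registered) != handler(unregistered)
```

Running `reveals_membership` against a site's own reset, login and sign-up endpoints in CI catches a regression to the revealing form.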

Other leaked data included weight, height, job, education, body type, eye colour and hair hue, as well as email address and mobile phone number. Location data, in the form of latitude and longitude, were also leaked, along with smoking and drinking habits, interests and favourite TV shows, movies and books. Anyone using the site expecting privacy should now consider themselves exposed, right down to their appearance, whereabouts and interests.

“We’re looking at in excess of 100 individual data attributes per person,” Hunt said. “Everything you’d expect from a site of this nature is in there.” Vickery said the database he’d obtained contained 15 million messages between users. One exchange shown to experts involved users asking for prurient pictures of one another. A separate message read: “I didn’t even think to look for a better photo because the brits, on average, are some ugly motherf***ers anyway.” This would appear to chime with BeautifulPeople.com’s own “research”.

Two BeautifulPeople.com users confirmed their information was in the leaked database, which also contained encrypted passwords. They shared their entries as found in the database, which showed an entry for descriptions of themselves, revealing more private details about their personal lives. One confirmed the latitude and longitude details were correct, pointing to Cambridge, UK, where they’d signed up.

BeautifulPeople.com, which brags about being “the largest network of attractive people in the world”, has courted controversy in the past by removing thousands of users from the service for not being attractive enough. In 2009, it boasted 1.8 million “ugly people” had been denied access to the site. In 2010, 5,000 were culled after gaining too much weight over a festive break. Last year, weight gain and ageing led to another 3,000 being thrown out.

Today, the company re-sent its original statement on the breach, first received in December. “We can confirm we were notified of a breach on December 24th of 2015 of one of our MongoDB test servers. This was a staging server and not part of our production database. The staging server was immediately shut down.” The company claimed all affected members were informed of “the vulnerability” in December, whilst noting passwords were encrypted and no financial data was exposed.

Experts asked the two users if they had been warned about any security issue in December. They said they had not. BeautifulPeople.com had not responded to requests for further comment on the breach. The information was stored in a MongoDB database, left open to anyone who knew the right web address. Many such databases have been left open in recent months, as found by Vickery. Last week, Vickery, currently a security researcher with MacKeeper, discovered a huge trove of 93.4 million Mexican voter records in an unsecured MongoDB database. He’d already uncovered 191 million US voter records in late 2015, as well as 13 million MacKeeper users’ information kept in unprotected MongoDB stores.
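One way to check a `mongod.conf` for the two settings that leave a MongoDB server readable by anyone who can reach it, as an added example that is not from the original article. The sample files are constructed, the function names are assumptions, and the small parser reads only the `section:` / indented `key: value` layout rather than full YAML.

```python
import ipaddress

def parse_mongod_conf(text):
    """Flatten mongod.conf into {'net.bindIp': '0.0.0.0', ...}.
    Reads only 'section:' and indented 'key: value' lines, enough for the
    net.* and security.* settings checked here; not a general YAML parser."""
    flat, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if ":" not in line:
            continue
        key, _, value = line.strip().partition(":")
        if not line[0].isspace():
            section = key                          # top-level key opens a section
        elif section:
            flat[f"{section}.{key}"] = value.strip().strip("\"'")
    return flat

def _is_local(addr):
    """True for loopback IPs, 'localhost' and Unix socket paths."""
    if addr == "localhost" or addr.startswith("/"):
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                               # other hostnames: assume reachable

def audit_mongod_conf(text):
    """Return findings for settings that leave the database open to the network."""
    conf = parse_mongod_conf(text)
    findings = []
    if conf.get("security.authorization") != "enabled":
        findings.append("security.authorization is not 'enabled': clients are not asked to log in")
    if conf.get("net.bindIpAll") == "true":
        findings.append("net.bindIpAll is true: mongod listens on every interface")
    elif "net.bindIp" not in conf:
        findings.append("net.bindIp is unset: the listen address depends on the mongod version default")
    else:
        remote = [a.strip() for a in conf["net.bindIp"].split(",") if not _is_local(a.strip())]
        if remote:
            findings.append("net.bindIp includes non-loopback address(es): " + ", ".join(remote))
    return findings

# Constructed sample files, not taken from the incident.
OPEN_CONF = "net:\n  port: 27017\n  bindIp: 0.0.0.0   # every interface\n"
HARDENED_CONF = "net:\n  port: 27017\n  bindIp: 127.0.0.1\nsecurity:\n  authorization: enabled\n"

if __name__ == "__main__":
    print(audit_mongod_conf(OPEN_CONF))
    print(audit_mongod_conf(HARDENED_CONF) or "no findings")
```

A non-loopback `bindIp` with authorization enabled is still reported, so that the reviewer confirms a firewall or security group limits who can reach the port; test and staging hosts need the same check as production when they hold real user data.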

BeautifulPeople.com is far from the only dating site to have suffered a breach in recent months. In February, a hacker claimed to have compromised Mate1, offering 27 million user passwords for 20 bitcoin (worth around $8,700 at the time). Ashley Madison, whose entire adulterous business was turned inside out and its 37 million users exposed, suffered the most ignominious dating site breach in mid-2015. In light of reported suicides linked to the event, it was, perhaps, the most harmful hack of all time. Anyone concerned their information leaked in any of those dating site breaches can check on Hunt’s website, HaveIBeenPwned.com.

Tags: hackers information leaks
Source: Forbes