A hacker named “Mastermind” says he stole the details of over 20m users from a dating site.
Security experts Easy Solution wrote a blog saying that a dating site had been breached, and the hacker had posted the user details on Pastebin.
Following this, Bloomberg alleged the site in question was Russian dating service Topface.
In a statement, the CEO of St Petersburg-based Topface, Dmitry Filatov, said they had no proof of the breach, but were investigating the issue.
The hacker said he stole the details and posted them online not in order to sell the information, but rather to highlight the security limitations of some dating sites.
He said the details were 100% valid, and included over 7m user credentials from Hotmail, 2.5m from Yahoo and 2.2m from Gmail.
Easy Solution said the list is international, with hundreds of domains listed from all over the world.
CTO Daniel Ingevaldson said: “Hackers and fraudsters are likely to leverage stolen credentials to commit fraud not on the original hacked site, but to use them to exploit password re-use to automatically scan and compromise other sites including banking, travel and email providers.”
Ingevaldson said this was part of a new move by criminals to increase spear phishing, as acquiring email databases with a relevant motive is the first step.