Online dating site Mate1.com has apparently had the details of 27m users stolen by a hacker from the dark web.
According to Motherboard, a hacker has claimed he sold the plaintext passwords and email addresses of a huge portion of the site’s claimed 36.5m users.
The unnamed hacker told the site: “Their server was compromised and the MySQL database was dumped. I had shell/command access to their server.”
The asking price for the database was 20 bitcoin – worth around $8,700 – but it isn’t clear whether that was how much the data was sold for.
And while researching the hack, Motherboard used the “forgotten password” feature, and found that their password was just emailed back to them in plaintext.
They said:
“In order to create an account on the site, users are not required to click a verification link in their email, so there is every chance that some of the email addresses may have been signed up to the service by people who don’t actually own them. (This was also the case on extra-martial affairs site Ashley Madison.)
“There were also some email addresses in the sample that contained spelling errors, such as “gmaile” instead of “gmail,” indicating that they might not be functional. The vast majority of the sample used Gmail accounts, however.”
And out of a database sample of 500 they were sent, they found that 498 were linked to Mate1.com accounts.
This means that users of Mate1 are encouraged to change their passwords, as it is likely any that are duplicated with their Mate1 account could be compromised by those who bought the hacked database.
We will update with more on this story.