News Breached As Hacker Sells 40m User Data On Dark Web

data security-min
A hacker is currently selling the personal data of over 40m users of adult dating site on the dark web, new reports claim.

The hacker, known online as Peace of Mind has posted an advertisement on The Real Deal market – a place frequently used by hackers trying to sell stolen data – demanding approximately 0.6450 Bitcoin for the cache.

According to a sample obtained by Motherboard, the data contains the email addresses, usernames, clear-text passwords, IP addresses and dates of birth of 40,769,652 registered users.

The data has now been sold for 0.8888 Bitcoin, the equivalent of around $400.

Using the sample information provided, the site confirmed that out of 101 email addresses it examined, only 61 were already in use on Fling.

It also found that within the data, accounts were flagged with various settings, including “admin_disabled,” “user_disabled,” or “active”, however this showed no indication as to whether each email address was already in use or not on Fling. breached
Security expert Troy Hunt has also analysed the sample, contacting two victims, one of which confirmed their full password and the other noting that the beginning of the password was something they had used in the past.

Speaking about the data, Hunt said: “Fling could look at the info in that file and have absolute certainty that it came from their system.

“You can’t fabricate internal identifiers and time stamps and not be caught out as a fraud when they’re compared to an internal system.”

Fling confirms data breach

The adult social network – which claims to have 50m real members – has now verified the breach, but has also stated that the details were obtained as a result of a five-year-old data hack, which occurred back in 2011.

Responding to the hack, the owner of the domain told Motherboard: “We take internet security very seriously.

“Our site is free to join and we do not store any credit card information. We’ve investigated the sample data and it is from a breach that happened in 2011.”

Existing Fling users are now being advised to change their password as a precaution, especially if the same password has been used on other services.

This attack follows a number of other recent security breaches witnessed by dating companies, which have also seen the personal details of users stolen and posted online.

Earlier this month, a hacker claimed to have 57m user details that were stolen from dating site Zoosk, however this was proven false following an analysis by Troy Hunt.

And in April, elite dating site confirmed it had also suffered a data hack, leading to the personal details and private messages of 1.1m users appearing on the deep web.

Danielle White

Danielle is a Junior Reporter at Global Dating Insights. Originally from Reading, she has studied Multimedia Journalism at Bournemouth University and has a passion for writing and reporting. She enjoys travelling and likes to spend her free time socialising with friends and attending music events.

Global Dating Insights is part of the Industry Insights Group. Registered in the UK. Company No: 14395769