There has been another huge hack of an online dating site.
The data of over 1.1m users of elite dating site BeautifulPeople.com has been stolen and sold by hackers on the deep web, new reports claim.
The personal data stolen from the site includes users’ names, addresses, sexual preferences, relationship status and income.
The hack is also said to include 15m private messages sent between users.
The site calls itself an “exclusively beautiful community”, and an “elite online club, where every member works the door”.
This is because users are only accepted if they are approved by current, “beautiful”, members.
And now the niche dating site is the latest to be breached by hackers, and have its user data traded on shady parts of the internet.
Details of the hack were first passed on to Forbes in December 2015 by a researcher named Chris Vickery.
The 31-year-old discovered that a server for BeautifulPeople.com had been breached, but at the time the elite dating company said it was only a test server, and it had been quickly patched up.
However before being patched up, it seems the personal data of 1.1m users was stolen by hackers, and is now being sold on “data trading circles” on the deep web.
As Vickery told Wired, the distinction between a real server and a test server “makes no effing difference in the world. If it’s real data that’s in a test server, then it might as well be a production server.”
The new information about the BeautifulPeople.com user data being traded online comes from Troy Hunt, a researcher that created HaveIBeenPwned.com, a site that lets internet users check if their personal information has been hacked in high profile breaches.
The Australian researcher also said the data includes height, job, education, email addresses, phone numbers, as well as location (via longitude and latitude), as well as users’ personal interests and smoking & drinking habits.
Hunt told Forbes: “We’re looking at in excess of 100 individual data attributes per person. Everything you’d expect from a site of this nature is in there.”
Interestingly, Hunt also found that, as with the Ashley Madison hack, 170 profiles were found that used the email ending .gov.
There are also 170 .gov email addresses in the Beautiful People breach. I keep seeing a heap of gov stuff where it probably shouldn’t be…
– Troy Hunt (@troyhunt) April 25, 2016
“The data said to be accessible on the ‘dark web’ is the same data as the two security researches accessed and downloaded in the December 2015 breach.
“The breach involves data that was provided by members prior to mid July 2015. No more recent user data or any data relating to users who joined from mid July 2015 onward is affected.”
The site also said that all impacted members are being notified again about the breach, while also noting that credit card information was not stolen & users’ passwords were encrypted.
More on this story as it breaks.