Hacker Leaks Data of 2.28 Million Dating Site Users
An anonymous reader quotes a report from ZDNet: A well-known hacker has leaked the details of more than 2.28 million users registered on MeetMindful.com, a dating website founded in 2014, ZDNet has learned this week from a security researcher. The dating site's data has been shared as a free download on a publicly accessible hacking forum known for its trade in hacked databases. The leaked data, a 1.2 GB file, appears to be a dump of the site's users database.
The content of this file includes a wealth of information that users provided when they set up profiles on the MeetMindful site and mobile apps. Some of the most sensitive data points included in the file include: Real names; Email addresses; City, state, and ZIP details; Body details; Dating preferences; Marital status; Birth dates; Latitude and longitude; IP addresses; Bcrypt-hashed account passwords; Facebook user IDs; and Facebook authentication tokens. Messages exchanged by users were not included in the leaked file; however, this does not make the entire incident less sensitive. The data leak, which is still available for download, was released by a threat actor who goes by the name of ShinyHunters. They also were responsible for leaking the details of millions of users registered on Teespring.
where's the link? (Score:2)
Statistics Show... (Score:5, Funny)
2 million men and .28 million women, who are mostly employed by the site, as user base.
Re: (Score:2)
2 million men and .28 million women, who are mostly employed by the site, as user base.
You are way off. 2.27M men and .01M women is more like it....
Actually not. A lot of men have simply given up on the idea of dating. So these sites are left with mostly thirsty women, and there are a few of the so-called "Chads and Tyrones" who get laid a lot. But most women on these dating sites do not find most of the men on the sites attractive at all. https://www.yourtango.com/2016... [yourtango.com]
So why sign up for that abuse?
Re: (Score:2)
280,000 women employed by the site? That's a lot of staff.
Re: (Score:1)
Re: (Score:3, Funny)
Also in the data that was leaked, most common profile question/answer:
Q: What do you want most in a woman?
A: My cock.
Being paranoid (Score:2)
Leaks happen enough that developers should be scared into encrypting their data at-rest.
Maybe even personal data tied to an account should be encrypted by the account holder's password. Conversation data could be encrypted with shared keys, transparent to the users.
Yes if a system is breached then the attacker can modify the site's code to leak personal data, but at least it would prevent an attacker from dumping everyone's data in one go. Old dormant accounts would have their data remain encrypted.
Re: (Score:2)
Maybe even personal data tied to an account should be encrypted by the account holder's password.
That would make it complicated to change the password, wouldn't it? As a side effect, lose your password and you lose your data.
Re: (Score:2)
There's a concept called "derived keys" that allows for a key to be tied to an object or data without it being a 1:1 dependency.
Basically, you take the actual encryption key (used to encrypt the data directly), and encrypt that key with a Key Encrypting Key (KEK). When you want to change the dependency, you simply re-encrypt the encryption key with a new KEK based on (for example) the new password.
Takes microseconds to complete and has nearly all the benefits of re-encrypting the base data. It has the add
Re: (Score:1)
Maybe even personal data tied to an account should be encrypted by the account holder's password.
This is a dating website.
How are they supposed to match like-individuals if they can't access the data you explicitly gave them to know what type of people to match you with?
It sounds like you don't want other people to be able to see the information you entered for the purpose of other people seeing it.
Instead of mucking with encryption, just don't enter it in the first place.
When a person is looking for straight blonds age 25-30, the site needs to know that to return listings of people who are straight bl
Take with grain of salt (Score:5, Funny)
Some of the most sensitive data points included in the file include: ...Body details... Marital status
Make that ALLEGED body details and marital status.
At least it's not Fetlife (Score:2)
phew I'm safe.
Re: (Score:2)
For now maybe but they might be next, who knows? :)
Then I better upload more (Score:2)
interesting photos :P
Re: (Score:2)
Fetlife knows how to keep up discipline in its web security teams.
We take your privacy and security seriously (Score:2)
The response from MeetMindful.com: “We take your privacy and security seriously.”
If that hacker spent less time hacking... (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Perhaps the person he wanted to go on a date with made this a prerequisite.