Hacker Leaks Data of 2.28 Million Dating Site Users

An anonymous reader quotes a report from ZDNet: A well-known hacker has leaked the details of more than 2.28 million users registered on MeetMindful.com, a dating website founded in 2014, ZDNet has learned this week from a security researcher. The dating site's data has been shared as a free download on a publicly accessible hacking forum known for its trade in hacked databases. The leaked data, a 1.2 GB file, appears to be a dump of the site's users database.

The content of this file includes a wealth of information that users provided when they set up profiles on the MeetMindful site and mobile apps. Some of the most sensitive data points included in the file include: Real names; Email addresses; City, state, and ZIP details; Body details; Dating preferences; Marital status; Birth dates; Latitude and longitude; IP addresses; Bcrypt-hashed account passwords; Facebook user IDs; and Facebook authentication tokens. Messages exchanged by users were not included in the leaked file; however, this does not make the entire incident less sensitive.
The data leak, which is still available for download, was released by a threat actor who goes by the name of ShinyHunters. They also were responsible for leaking the details of millions of users registered on Teespring.
  • by 00Monkey ( 264977 ) on Monday January 25, 2021 @06:58PM (#60991440) Homepage

    2 million men and .28 million women, who are mostly employed by the site, as user base.

    • by marcle ( 1575627 )

      280,000 women employed by the site? That's a lot of staff.

      • by Anonymous Coward
        279,990 are bots...
    • Re: (Score:3, Funny)

      by Anonymous Coward

      Also in the data that was leaked, most common profile question/answer:

      Q: What do you want most in a woman?

      A: My cock.

  • by Anonymous Coward

    Leaks happen enough that developers should be scared into encrypting their data at-rest.
    Maybe even personal data tied to an account should be encrypted by the account holder's password. Conversation data could be encrypted with shared keys, transparent to the users.
    Yes, if a system is breached then the attacker can modify the site's code to leak personal data, but at least it would prevent an attacker from dumping everyone's data in one go. Old dormant accounts would have their data remain encrypted.

    • Maybe even personal data tied to an account should be encrypted by the account holder's password.

      That would make it complicated to change the password, wouldn't it? As a side effect, lose your password and you lose your data.

      • There's a concept called "derived keys" that allows for a key to be tied to an object or data without it being a 1:1 dependency.

        Basically, you take the actual encryption key (used to encrypt the data directly), and encrypt that key with a Key Encrypting Key (KEK). When you want to change the dependency, you simply re-encrypt the encryption key with a new KEK based on (for example) the new password.

        Takes microseconds to complete and has nearly all the benefits of re-encrypting the base data. It has the add
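
The key-wrapping scheme described in the comment above, as an added example that is not part of the original thread: a random data key encrypts the profile, a password-derived KEK wraps that data key, and a password change re-wraps only the data key. The function names, the choice of AES-256-GCM and scrypt, and the sample profile are assumptions of this example.

```javascript
// Added example (not from the thread): envelope encryption with a password-derived KEK.
const nodeCrypto = require('crypto');

// AES-256-GCM helpers; blob layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on a wrong key
}

// KEK = scrypt(password, per-user salt), using Node's default cost parameters (assumption).
const deriveKek = (password, salt) => nodeCrypto.scryptSync(password, salt, 32);

// New account: a random data key (DEK) encrypts the profile, the KEK wraps the DEK.
function createRecord(password, profile) {
  const dek = nodeCrypto.randomBytes(32);
  const salt = nodeCrypto.randomBytes(16);
  return { salt, wrappedDek: seal(deriveKek(password, salt), dek),
           data: seal(dek, Buffer.from(profile, 'utf8')) };
}

function readProfile(record, password) {
  const dek = open(deriveKek(password, record.salt), record.wrappedDek);
  return open(dek, record.data).toString('utf8');
}

// Password change: unwrap the DEK with the old KEK and re-wrap it under a new one.
// record.data is carried over byte for byte; the profile is never re-encrypted.
function changePassword(record, oldPassword, newPassword) {
  const dek = open(deriveKek(oldPassword, record.salt), record.wrappedDek);
  const salt = nodeCrypto.randomBytes(16);
  return { salt, wrappedDek: seal(deriveKek(newPassword, salt), dek), data: record.data };
}

// Constructed sample data.
const rec = createRecord('old-pass', '{"city":"Denver","zip":"80202"}');
const rec2 = changePassword(rec, 'old-pass', 'new-pass');
console.log(readProfile(rec2, 'new-pass'), rec2.data.equals(rec.data));
```
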

    • by Anonymous Coward

      Maybe even personal data tied to an account should be encrypted by the account holder's password.

      This is a dating website.

      How are they supposed to match like-individuals if they can't access the data you explicitly gave them to know what type of people to match you with?

      It sounds like you don't want other people to be able to see the information you entered for the purpose of other people seeing it.
      Instead of mucking with encryption, just don't enter it in the first place.

      When a person is looking for straight blonds age 25-30, the site needs to know that to return listings of people who are straight bl

  • by sacrilicious ( 316896 ) <qbgfynfu.opt@recursor.net> on Monday January 25, 2021 @07:27PM (#60991496) Homepage

    Some of the most sensitive data points included in the file include: ...Body details... Marital status

    Make that ALLEGED body details and marital status.

  • The response from MeetMindful.com: “We take your privacy and security seriously.”

  • and more time at the gym, maybe he would have got a date.
