Russian Dating Site Pays Hacker
Topface Confirms Breach Affecting 20 Million
In a statement posted on its website, Topface says an audit "has identified a vulnerability through which the hacker could get access to e-mail addresses of our users." The breach did not result in access to other information, such as passwords or the content of the accounts, including private correspondence and photos, Topface says.
During its investigation, Topface was able to contact the hacker who had posted an online offer to sell the breached e-mail database, the company says. The hacker has since deleted the information posted online, according to the online dating service.
"He has confirmed the findings of our investigation and has made an agreement with Topface for no further distribution of [the] acquired e-mail address database," Topface says. "Due to the fact that he has not passed the data to anyone and has no intention to do so in the future, we will not accuse him. Moreover, we have paid him an award for finding a vulnerability and agreed on further cooperation in the field of data security."
Included in the list of compromised credentials that was posted to an online paste site were more than 7 million Hotmail credentials, 2.5 million Yahoo credentials and 2.2 million Gmail.com credentials, said Daniel Ingevaldson, chief technology officer at Easy Solutions (see: Was Dating Website Breached?).
The compromised credentials included usernames and e-mail addresses, he told Bloomberg. Ingevaldson said he discovered the breach after seeing a post by the hacker on an online forum used by cybercriminals.
The list of credentials appeared to be international in nature, with hundreds of domains listed from all over the world, Ingevaldson said in a blog. "Hackers and fraudsters are likely to leverage stolen credentials to commit fraud not on the original hacked site, but to use them to exploit password re-use to automatically scan and compromise other sites, including banking, travel and e-mail providers," he said.
Neither Topface nor Easy Solutions immediately responded to a request for additional comment.