Breach Notification , Incident & Breach Response , Managed Detection & Response (MDR)

Russian Dating Site Pays Hacker

Topface Confirms Breach Affecting 20 Million
Russian Dating Site Pays Hacker

The Russian online dating site Topface says it has made a payment to a hacker who discovered a vulnerability on the site that enabled him to breach it, exposing 20 million e-mail addresses.

See Also: Live Webinar | How To Meet Your Zero Trust Goals Through Advanced Endpoint Strategies

In a statement posted on its website, Topface says an audit "has identified a vulnerability through which the hacker could get access to e-mail addresses of our users." The breach did not result in the access of other information, such as passwords or the content of the accounts, including private correspondence and photos, Topface says.

During its investigation, Topface was able to get in contact with the hacker who published online an offer to sell the breached e-mail database, the company says. The hacker has since deleted the information posted online, according to the online dating service.

"He has confirmed the findings of our investigation and has made an agreement with Topface for no further distribution of [the] acquired e-mail address database," Topface says. "Due to the fact that he has not passed the data to anyone and has no intention to do so in the future, we will not accuse him. Moreover, we have paid him an award for finding a vulnerability and agreed on further cooperation in the field of data security."

Breach Details

Included in the list of compromised credentials that was posted to an online paste site were more than 7 million Hotmail credentials, 2.5 million Yahoo credentials and 2.2 million credentials, said Daniel Ingevaldson, chief technology officer at Easy Solutions (see: Was Dating Website Breached?).

The compromised credentials included usernames and e-mail addresses, he told Bloomberg. Ingevaldson said he discovered the breach after seeing a post by the hacker on an online forum used by cybercriminals.

The list of credentials appeared to be international in nature, with hundreds of domains listed from all over the world, Ingevaldson said in a blog. "Hackers and fraudsters are likely to leverage stolen credentials to commit fraud not on the original hacked site, but to use them to exploit password re-use to automatically scan and compromise other sites, including banking, travel and e-mail providers," he said.

Neither Topface nor Easy Solutions immediately responded to a request for additional comment.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.