Incident & Breach Response , Managed Detection & Response (MDR) , Security Operations

Was Dating Website Breached?

Hacker Claims to Have Stolen 20 Million Credentials
Was Dating Website Breached?

A hacker going by the name "Mastermind" claims to have more than 20 million credentials stolen from an online dating site, according to security vendor Easy Solutions.

See Also: OnDemand | How To Meet Your Zero Trust Goals Through Advanced Endpoint Strategies

Russia-based Topface was the website hacked, Bloomberg reports. But Topface says it does not have any information that proves the data was stolen from its site. "We have a sophisticated security system and will investigate whether we were hacked or not," the company says.

The dating site noted that nearly all of its users use Facebook and other social networks to authorize themselves to access Topface. "We have no access to their passwords or any secure data," the company says.

"We also never keep any payment information or other secure information about our users," Topface says. "All the data that we have is e-mail address, which cannot be used alone to access any secure data. That is why we [are] pretty sure that our users will not have any problems even if any data was stolen from our service."

Breach Details

Included in the list of compromised credentials, which was allegedly posted to an online paste site, are more than 7 million Hotmail credentials, 2.5 million Yahoo credentials and 2.2 million credentials, says Daniel Ingevaldson, chief technology officer at Easy Solutions. The compromised credentials include usernames and e-mail addresses, he told Bloomberg. Ingevaldson says he discovered the breach after seeing a post by the thief on an online forum used by cybercriminals.

The list of credentials appears to be international in nature, with hundreds of domains listed from all over the world, Ingevaldson says in a blog. "Hackers and fraudsters are likely to leverage stolen credentials to commit fraud not on the original hacked site, but to use them to exploit password re-use to automatically scan and compromise other sites, including banking, travel and e-mail providers," he says.

Ingevaldson did not immediately respond to a request for additional comment.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.