Attacks/Breaches
1/31/2011
04:23 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Online Dating Site Breached

PlentyOfFish.com has been compromised and the company is blaming the messenger.

Online dating Web site PlentyOfFish.com has been hacked, exposing the personal information and passwords associated with almost 30 million accounts. However, the site's founder Markus Frind claims that only 345 accounts were successfully stolen.

While database breaches of this sort are, unfortunately, a rather common occurrence, the compromise of PlentyOfFish.com is notable for the company's ham-handed handling of the incident.

Rather than a sober admission of failure, apology, and promise to dedicate more resources to security -- standard operating procedure in breach damage control -- Frind posted a confusing personal account of the incident. Frind's rambling blog post accuses Argentinian hacker Chris Russo, who appears to have tried to notify Frind about the breach, of trying to extort money from PlentyOfFish and implies that former Washington Post security reporter Brian Krebs might somehow be involved.

Frind has since updated his blog post to clarify that Krebs wasn't involved, stating, "I was trying to convey how the hacker tried to create a mass sense of confusion at all times so you never know what's real and what is not."

In answer to Frind's initial post, Krebs said that when companies respond to information about a breach by leveling accusations of involvement in an extortion plot, that usually means the breach is serious and that straightforward answers shouldn't be expected.

PlentyOfFish.com did not respond to a request for comment.

Krebs lays the blame for the compromise at the feet of PlentyOfFish, stating that its database was insecure and that the company violated a basic rule of computer security: storing user passwords as plain text rather that in encrypted form.

"Companies that fail to take even this basic security step and then look for places to point the finger when they get hacked show serious disregard for the security and privacy of their users," he wrote in a blog post.

Jeremiah Grossman, founder and CTO of WhiteHat Security, more or less echoes this assessment. In an e-mail, he said that the breach demonstrated the vulnerability of corporate Web sites. "PlentyOfFish had multiple security flaws -- including not encrypting user passwords -- but the nature of the attack demonstrates how companies' Web sites are increasingly the entry point for corporate data theft," he wrote.

Update: After this story was filed, Frind updated his blog with the following statement:

"On January 18th, after days of countless and unsuccessful attempts, a hacker gained access to Plentyoffish.com database. We are aware from our logs that 345 accounts were successfully exported. Hackers attempted to negotiate with Plentyoffish to 'hire' them as a security team. If Plentyoffish failed to cooperate, hackers threatened to release hacked accounts to the press.

The breach was sealed in minutes and the Plentyoffish team had spent several days testing its systems to ensure no other vulnerabilities were found. Several security measures, including forced password reset, had been imposed. Plentyoffish is bringing on several security companies to perform an external security audit, and will take all measures necessary to make sure our users are safe."

InformationWeek has amended this article to reflect Frind's claim.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ourteennetwork.com
100%
0%
ourteennetwork.com,
User Rank: Apprentice
8/31/2014 | 3:22:25 PM
WOW
It is truly amazing how these hackers o after sites like POF! Why its a free dating site so no credit card info nothing.. From the sounds of it POF didn't even seem to care.. So why even hack them? All I can come up with is that competitor sites are the real ddos attackers and email pirates of most websites! 
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
Hyatt Hit With Another Credit Card Breach
Dark Reading Staff 10/13/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.