Online Dating Site Breached

PlentyOfFish.com has been compromised and the company is blaming the messenger.

Online dating Web site
PlentyOfFish.com
has been hacked, exposing the personal information and passwords associated with almost 30 million accounts. However, the sites founder Markus Frind claims that only 345 accounts were successfully stolen.
While database breaches of this sort are, unfortunately,
a rather common occurrence
, the compromise of PlentyOfFish.com is notable for the companys ham-handed handling of the incident.
Rather than a sober admission of failure, apology, and promise to dedicate more resources to security -- standard operating procedure in breach damage control -- Frind posted a confusing personal account of the incident. Frinds rambling
blog post
accuses Argentinian hacker Chris Russo, who appears to have tried to notify Frind about the breach, of trying to extort money from PlentyOfFish and implies that former
Washington Post
security reporter Brian Krebs might somehow be involved.
Frind has since updated his blog post to clarify that Krebs wasnt involved, stating, I was trying to convey how the hacker tried to create a mass sense of confusion at all times so you never know whats real and what is not.
In answer to Frinds initial post, Krebs said that when companies respond to information about a breach by leveling accusations of involvement in an extortion plot, that usually means the breach is serious and that straightforward answers shouldnt be expected.
PlentyOfFish.com did not respond to a request for comment.
Krebs lays the blame for the compromise at the feet of PlentyOfFish, stating that its database was insecure and that the company violated a basic rule of computer security: storing user passwords as plain text rather that in encrypted form.
Companies that fail to take even this basic security step and then look for places to point the finger when they get hacked show serious disregard for the security and privacy of their users, he wrote in
a blog post
.
Jeremiah Grossman, founder and CTO of WhiteHat Security, more or less echoes this assessment. In an e-mail, he said that the breach demonstrated the vulnerability of corporate Web sites. PlentyOfFish had multiple security flaws -- including not encrypting user passwords -- but the nature of the attack demonstrates how companies Web sites are increasingly the entry point for corporate data theft, he wrote.
Update
: After this story was filed, Frind updated his blog with the following statement:
On January 18th, after days of countless and unsuccessful attempts, a hacker gained access to Plentyoffish.com database. We are aware from our logs that 345 accounts were successfully exported. Hackers attempted to negotiate with Plentyoffish to hire them as a security team. If Plentyoffish failed to cooperate, hackers threatened to release hacked accounts to the press.
The breach was sealed in minutes and the Plentyoffish team had spent several days testing its systems to ensure no other vulnerabilities were found. Several security measures, including forced password reset, had been imposed. Plentyoffish is bringing on several security companies to perform an external security audit, and will take all measures necessary to make sure our users are safe.
InformationWeek
has amended this article to reflect Frinds claim.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Online Dating Site Breached