February 1st, 2011

PlentyOfFish Resets User Passwords After Registration Details Theft

Online dating website PlentyOfFish has reset user passwords after hackers managed to extract people’s registration information by exploiting vulnerabilities in the platform. The dating site, which is very popular in Canada, the UK and the United States, has over 145 million visitors a month and over 10 million registered users.

According to independent security journalist Brian Krebs, the compromise was first reported by an Argentinian hacker named Chris “Ch” Russó, who demonstrated a proof-of-concept to him.

Russó has previously hacked into the website and exposed vulnerabilities in it. He views himself as a security researcher. The hacker claims that he is not the only one to have obtained unauthorized access to the PlentyOfFish database and that the site’s database is being circulated in the hacking community.

In a lengthy post on the company’s blog, PlentyOfFish founder Markus Frind tells a different story, one where Russó tried to force his company into signing a contract for security services with him.

Frind described Russó’s actions as harassment against his company, himself and especially his wife, whom the hacker called over the phone on several occasions.

“Plentyoffish was hacked last week and we believe emails usernames and passwords were downloaded,” Frind wrote in his original post. “We have reset all users passwords and closed the security hole that allowed them to enter,” he stressed.

In a later statement, the company noted that only 345 accounts had their password exposed, which would make it a relatively limited breach. It’s therefore not entirely clear if passwords were reset for the entire user base or only for those that have been confirmed as compromised.

If all users had their passwords reset, it might be the result of the introduction of a hashing algorithm, as this attack revealed that PlentyOfFish access codes were being stored in plain text, which is a major security oversight.
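As an added illustration (not code from PlentyOfFish or from the original article), the sketch below converts plaintext password records to salted PBKDF2-HMAC-SHA256 hashes and forces a reset only for accounts flagged as exposed. The record layout, the field names `password`, `password_hash` and `must_reset`, the iteration count and the sample users are all assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def hash_password(password: str) -> str:
    # Stored form: scheme$iterations$salt$digest, with a fresh random salt.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    # Recompute the digest from the stored salt and compare in constant time.
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        bytes.fromhex(salt_hex), int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)

def migrate(users: dict, exposed: set) -> None:
    # Remove every plaintext 'password' field; lock accounts known to be exposed.
    for name, record in users.items():
        plaintext = record.pop("password", None)
        if plaintext is None:
            continue  # already migrated
        if name in exposed:
            record["password_hash"] = None  # old password must never work again
            record["must_reset"] = True
        else:
            record["password_hash"] = hash_password(plaintext)
            record["must_reset"] = False

def login(users: dict, name: str, password: str) -> str:
    record = users.get(name)
    if record is None or "password" in record:
        return "denied"  # unknown user or unmigrated plaintext record
    if record["must_reset"]:
        return "reset_required"
    return "ok" if verify_password(password, record["password_hash"]) else "denied"

# Constructed sample data, not taken from the incident.
USERS = {"alice": {"password": "correct horse"}, "bob": {"password": "hunter2"}}
migrate(USERS, exposed={"bob"})
```

After migration no record holds a plaintext password, and a stolen copy of the table yields only salted digests that must be attacked one account at a time.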

Credit: News
