Was Dating Website Breached?
Hacker Claims to Have Stolen 20 Million Credentials
A hacker going by the name "Mastermind" claims to have more than 20 million credentials stolen from an online dating site, according to security vendor Easy Solutions.
Russia-based Topface was the website hacked, Bloomberg reports. But Topface says it does not have any information that proves the data was stolen from its site. "We have a sophisticated security system and will investigate whether we were hacked or not," the company says.
The dating site noted that nearly all of its users use Facebook and other social networks to authorize themselves to access Topface. "We have no access to their passwords or any secure data," the company says.
"We also never keep any payment information or other secure information about our users," Topface says. "All the data that we have is e-mail address, which cannot be used alone to access any secure data. That is why we [are] pretty sure that our users will not have any problems even if any data was stolen from our service."
Breach Details
Included in the list of compromised credentials, which was allegedly posted to an online paste site, are more than 7 million Hotmail credentials, 2.5 million Yahoo credentials and 2.2 million Gmail.com credentials, says Daniel Ingevaldson, chief technology officer at Easy Solutions. The compromised credentials include usernames and e-mail addresses, he told Bloomberg. Ingevaldson says he discovered the breach after seeing a post by the thief on an online forum used by cybercriminals.
The list of credentials appears to be international in nature, with hundreds of domains listed from all over the world, Ingevaldson says in a blog. "Hackers and fraudsters are likely to leverage stolen credentials to commit fraud not on the original hacked site, but to use them to exploit password re-use to automatically scan and compromise other sites, including banking, travel and e-mail providers," he says.
Ingevaldson did not immediately respond to a request for additional comment.