A self-described 'elite' dating website called BeautifulPeople.com has reportedly suffered a database leak exposing personal details of 1.1 million users – including a massive 15 million personal messages sent between members.
Reports indicate that other leaked data includes a slew of personal user information such as sexual preference, weight, height, job, education, body type, income and home addresses. According to Forbes even location data of members signed up to the service is featured in the trove of data.
The unprotected database containing sensitive data was first uncovered by security researcher Chris Vickery in December 2015. In response to news of the leak, the team behind BeautifulPeople.com claimed the data was from a test server and therefore not a viable threat to users.
In a statement sent to Forbes, the website owners said: "We can confirm we were notified of a breach on December 24th of 2015 of one of our MongoDB test servers. This was a staging server and not part of our production data base. The staging server was immediately shut down."
However, according to Australian security researcher Troy Hunt, who manages the popular HaveIBeenPwned beach notification website, the data is not only online but is now being traded for money on the dark web. Hunt also said that over 150 government credentials had been used to sign up to the website. "I keep seeing a heap of gov stuff where it probably shouldn't be," he tweeted on 25 April.
IBTimes UK has contacted BeautifulPeople.com for comment but had received no response as of press time.
The incident is the latest cyberattack to hit dating websites. Earlier this year, a hacker successfully compromised Mate1.com and exposed millions of users. Meanwhile, in perhaps the most notorious hacking incident of 2015, a collective known as 'Impact Team' targeted adultery website Ashley Madison and posted the stolen data, including website source code, to the internet for everyone to see.
BeautifulPeople.com was criticised last year after removing thousands of members for "letting themselves go". As reported at the time, co-founder Genevieve Hodge said: "We take no pleasure in removing members, but it is a necessary evil in order to maintain the beautiful community and our prized business model." These beautiful members are being advised to change their passwords.
Vickery, the researcher who first uncovered the exposed database, is well-known for unearthing incidents of this nature. Most recently, he disclosed that 93.4 million Mexican citizens had been hit by breach of election details and that names, home addresses and ID numbers were left available.