A hacker posting on Hell, a forum on the dark web, claims he has succeeded in stealing the account usernames, passwords and email addresses for 27 million people using the online dating website Mate1.com.
Mate1.com is an international dating site subscription service that claims it currently has 31.5 million users across the world. According to a forum post seen by Motherboard Vice, a hacker has succeeded in breaching the website, stealing the account details for over 27 million users, and then selling the details on to someone else through a deal brokered on the Hell forum.
The hacker said that the he managed to compromise the Mate1.com server and use command access to look at the MySQL database and then download parts of it. Initially he claimed that he received 40 million accounts, but some of the accounts belonged to bots that he rooted out
He told Motherboard Vice that Mate1.com has lax security that does not require users to log into their email to authenticate the sign-up process, which means that anyone can log onto the website, start an account and make a dating profile with an email address that doesn't belong to them or even exist, similar to the accounts seen during the Ashley Madison extra-marital affairs website data breach.
A vast majority of the email addresses being used were Gmail accounts, and the hacker says that Mate1 does not store passwords with any kind of hashing for encryption, so if you say that you have forgotten your password, it will be sent to the corresponding email in plain text. It is not known how much the hacker eventually sold the data for, although he was offering it on the forum for 20 Bitcoins ($8,600, £6,121).
IBTimes UK has contacted Mate1 and is awaiting a response.
It seems that Mate1's security isn't as good as other online dating services, but the real danger here is that the same users could be logging in to other important services using the same username and password, and the data breach would mean that hackers could attempt to compromise those accounts too, besides spying on the personal details and private information shared by those looking for love.