A hacker called Mastermind has published a list of over 20 million email addresses to highlight the "outrageous" problem of dating websites using millions of fake profiles to trick customers into signing up to their service.
Speaking to IBTimes UK, the hacker said the reason for the attack was not to sell the stolen information but to highlight the fact that millions of fake profiles are used by all dating websites, which the hacker calls "outrageous" and "a dirty business".
The hacker posted a message on text-sharing website Pastebin (now removed) publicising the fact that more than 20 million emails from a dating website have been stolen.
While the hacker would not confirm where the 20 million email addresses came from, it has been reported they were stolen from Russian dating site Topface, though the service says there is no proof this is the case:
"At the moment we do not have any proven information that any data was stolen from Topface. We have a sophisticated security system and will investigate whether we were hacked or not," the website's CEO Dmitry Filatov said in an emailed statement to IBTimes UK.
Filatov added that Topface has "no access to [customer] passwords or any secure data. We also never keep any payment information or other secure information about our users." He added that even if the email addresses did come from Topface "users will not have any problems even if any data was stolen from our service."
When asked, the hacker said: "I wouldn't confirm or deny rumours that the site is Topface; however I can tell several email [have] been sent to the actual site about the vulnerability but they didn't respond."
The Topface website currently claims that over 91 million "guys and girls are waiting for you".
Database for sale
The hacker claims that reports the email database is for sale are incorrect, and while the hacker did think about selling the information, in the end they felt it was not worth it: "I thought about [selling the database] but I believe there are more important things in our world what we should pay attention to first."
Some suggested the stolen information contained passwords, usernames, and even credit card information, but the hacker says that the only information stolen was a cache of email addresses.
According to Daniel Ingevaldson, chief technology officer of fraud-detection software-maker Easy Solutions, 50% of the email addresses are for people based in Russia, with a further 40% for people located in the EU with a significant numbers of accounts from Hotmail, Gmail and Yahoo among the database.
Dating websites using people's profiles without their knowledge is not new, with a 2013 Panorama investigation finding that some websites were buying the personal data of members of the public to artificially boost the number of people who appeared to be using their services, thereby helping the sites attract more customers.
In response to that investigation, the Information Commissioner's Office (ICO) launched it's own inquiry, with Simon Entwisle, director of operations at the ICO saying at the time: "It's appalling that people's photographs are being used against a completely different set of personal details. What concerns me more than anything is the scale of this. It's not just an odd incident, it seems to me to be a matter of course and routine. And that gives me even greater cause for concern."