Russian dating site Topface has confirmed it has paid off a hacker who revealed a flaw in its security systems, through which he stole 20 million email addresses.
Earlier this week a hacker called Mastermind published a list of over 20 million email addresses obtained from the dating website to highlight the "outrageous" problem of such sites using millions of fake profiles to trick customers into signing up to their service.
At the time the identity of the website was unconfirmed but it has now been revealed that it was - as suspected - Topface, a Russia-based dating site.
It has also been revealed that the hacker has been paid by the website and will be working with Topface in an on-going capacity. The website's CEO Dmitry Filatov told IBTimes UK:
We also were able to find and contact the hacker who published (and then deleted them) the ads with an offer to sell email database. He has confirmed the findings of our investigation and has made an agreement with Topface for no further distribution of acquired email addresses database. Due to the fact that he has not passed the data to anyone and has no intention to do so in the future, we will not accuse him, moreover, we have paid him an award for finding a vulnerability and agreed on further cooperation in the field of data security.
Speaking to IBTimes UK the hacker previously said the reason for the attack was not to sell the stolen information but to highlight the fact that millions of fake profiles are used by all dating websites, which the hacker calls "outrageous" and "a dirty business".
An attempt to contact the hacker today (30 January) via the same email address proved unsuccessful.
Filatov said that Topface did not store any billing information belonging to its customers and that only email addresses were stolen in the attack. Despite no password details being leaked, Topface has notified its users who use email as a login to change their passwords.
Filatov added: "Despite the fact that we are confident in the absence of any effects of the incident for our user, we are sorry for the inconvenience caused and applying notably improved data protection system on the service."