Contributed by: ElyseRomano Wednesday, February 02 2011 @ 05:41 pm
One of the world's largest free online dating sites, PlentyOfFish.com, has been hacked. The site released the following official statement:
On January 18th, after days of countless and unsuccessful attempts, a hacker gained access to Plentyoffish.com database. We are aware from our logs that 345 accounts were successfully exported. Hackers attempted to negotiate with Plentyoffish to "hire" them as a security team. If Plentyoffish failed to cooperate, hackers threatened to release hacked accounts to the press.
The breach was sealed in minutes and the Plentyoffish team had spent several days testing its systems to ensure no other vulnerabilities were found. Several security measures, including forced password reset, had been imposed. Plentyoffish is bringing on several security companies to perform an external security audit, and will take all measures necessary to make sure our users are safe.
In an extremely strange and rambling blog post, PlentyOfFish CEO Markus Frind tells his side of the story. He describes the event as "an incredibly well planned and sophisticated attack," and says that the man responsible, a 23-year-old hacker named Chris Russo who allegedly also hacked the popular torrent site The Pirate Bay, harassed his wife and blamed the security breach on "the Russians." According to the post, Frind's wife received a call from Russo saying that PlentyOfFish had been hacked, and that "Russians have taken over his computer and are trying to kill him, and his life is in extreme danger and they are currently downloading plentyoffish's database." Frind says that he was listening in the background, closed the security breach, and immediately ordered an investigation.
Frind goes on to say that Russo demanded that he fly to either Argentina or Washington, D.C. in order to stop "the attacks from the Russians," who supposedly had access to their bank accounts and were looking to steal $30 million from a string of dating sites. According to Frind, Russo also claimed that 5 or 6 other dating sites had been breached, and then gave Frind the administrative password for eHarmony.com to prove the validity of his claim.
Reactions to the hack have been strong. Dave Evans, an analyst who follows the online dating industry, told CTV News that Frind is "a self-made millionaire who's a total hardcore geek and has built most of the site himself." He goes on to express disappointment, saying that Frind "hasn't spent evidently any time on securing passwords" and calling his actions "a lack of respect for your members."
In the same article, PlentyOfFish forum user fnord is quoted as saying "The site owner didn't think it was important to notify the users...but did find it important enough to go off on a crazed diatribe on his personal blog. Despite claiming to have plugged the security hole, Plenty of Fish is still sending out passwords in plain text, which is just this side of just posting them on the Internet for everyone to see." User QuasarDJ adds "I have grave concerns about the security of my personal information on the Plenty of Fish site and I've yet to see even the most simple updates to guard against these problems."
While the convoluted story has yet to be completely confirmed, it's clear that a hack of PlentyOfFish has occurred and that it's in the best interest of all members to change their username, email, and password combinations, particularly if they are also used on other sites.