On January 18th, after days of countless unsuccessful attempts, a hacker gained access to the Plentyoffish.com database. We know from our logs that 345 accounts were successfully exported. The hackers attempted to negotiate with Plentyoffish to "hire" them as a security team. If Plentyoffish failed to cooperate, the hackers threatened to release the hacked accounts to the press.
The Plentyoffish team has spent several days testing its systems to ensure no other vulnerabilities exist. Several security measures, including a forced password reset, have been imposed. Plentyoffish is bringing on several security companies to perform an external security audit, and will take all measures necessary to make sure our users are safe.
Update*** Just to be clear, Krebs didn't have anything to do with this. I was trying to convey how the hacker tried to create a mass sense of confusion at all times so you never know what's real and what is not.
A) Never mention the duration of the attack or the number of unsuccessful attempts. It is like saying the big guy with the gun next to you is an idiot with terrible aim.
B) Never mention the exact number of hacked accounts. That is not transparency, it's TMI.
C) POF didn't bow to the demands of the alleged hacker. It remains to be seen whether this was a good or a bad thing. Hacked profiles on a free dating site are not very interesting, especially while we are all waiting for the WikiLeaks bank information to be decrypted.
D) Security audit: too little, too late, but in the end it doesn't really matter. POF has enough mindshare that this will probably be a blip on the radar. Perhaps a slight dip in revenue, but with the attack timed right before Valentine's Day, the usual post-holiday ad spend reduction may hurt traffic and revenue for 2011.
I hope that Plentyoffish's sister site eVow receives a security audit as well, especially since it's a subscription site (not free).
If you're going to hack a site, why hack a free one and argue with a guy like Markus? Pretty much a lose-lose situation all around.
Photo courtesy of CNET's "At Facebook, defense is offense."
(At Facebook) Taped to the wall are photos of spammers getting served notices of lawsuits, copies of checks defendants have used to settle suits filed by Facebook, mug shots of child predators who were kicked off the site and face criminal charges, cease and desist letters sent to fraudsters who sold fake Facebook accounts, and a letter from a former spam-happy teenager that starts “I appreciate that you spoke to my mom.”
Whereas many dating sites practice somewhat lax security, which leaves them in reactive situations like the one PlentyOfFish is in now, Facebook is built on top of strong offensive capabilities: it tracks down the spammers and fraudsters and takes them to court. Huge difference.