Online Dating Sites and Data Breaches
One of the last places that you want your privacy to be compromised, apart from your bank account, is in your very personal life. But that’s what’s happened to some users of popular dating sites in recent months.
It highlights the need for vigilance in the information you give, as well as the fact that even secure sites can be compromised.
Which Online Dating Sites were Affected?The popular dating site eHarmony was one of the sites which was affected by the security breach. As a result the site displayed a warning and asked members to consider changing their passwords.
The breach meant that users’ screen names, email addresses and even their passwords could be taken from the site and used to access their data. The breach wasn’t said to have affected very many of the site’s users, and the company maintains that only a a small percentage of users were asked to change their passwords.
The site that was the source of the problems was informational site eHarmony Advice, which apparently uses a completely separate database and web servers to the main eHarmony.com online dating site.
The hacker said to be responsible for getting into the system originates from Argentina, and was also said to be responsible for hacking into another online dating site.
He is said to have been arguing with the operators and appeared to be intent on highlighting the bugs he found. Whether this was for his own good rather than the millions of users of the site remains to be seen. He is also suspected of being behind a recent suspicious offer to sell a database which was said to be a copy of eHarmony’s compromised database – for a very large sum of money.
Plenty of Fish Lax on Password Security?The very popular dating site Plenty of Fish has around 30 million users - but according to Internet security experts, the well-respected website is reported to be putting the security of users at serious risk by storing all their passwords in a text format instead of in an encrypted form. Some web users are now jokingly referring to the site as ‘Plenty of Passwords’
The recent headline-grabbing lapse in online security means that potentially, the Plenty of Fish site, along with any other dating sites that refuse to encrypt users’ passwords, is facing a risk of serious security breaches from repeated hacker attacks. Plenty of Fish has already been the victim of a hacker who managed to get hold of customer account information which includes people’s passwords and other personal information about them. There are claims that only a few hundred accounts were actually compromised, but if yours was one of them, it’s not likely to be much of a reassurance.
Security expert Brian Krebs had said previously that the security breach was simply a result of the vulnerable system and accused PlentyOfFish.com of violating what he called the ‘basic security rules that apply online’ when it decided to store the passwords of customers as plain text.
The founder of Plenty of Fish accused Krebs of being ‘out to get him’ and the story seems to have become very messy indeed with accusations of blackmail from the same Argentinian hacker alleged to be behind the eHarmony attacks flying around – and even at one point, allegations that Plenty of Fish users were being systematically killed off! Although neither of these allegations have been proved, they have been making their way around the online dating community and worrying people who previously thought that their intimate dating encounters were at least subject to a reasonable degree of privacy.