Personal details, such as the address, sexual preferences, incoming messages, of users on the online dating site BeautifulPeople.com are for sale on the dark web.
BeautifulPeople.com is a dating site mostly known that the company claims it has an “exclusively beautiful community”, the website’s users are mostly elites. The data breach had been occurred about five months ago, however, according to cybersecurity expert Troy Hunt, most of the hacked profiles were taken during a short period of time, a window of opportunity, the hackers used to lay hands on the victims’ details.
BeautifulPeople told in a statement that the breach “only” involved data that was entered on the website before mid-July 2015 and the affected users had already been notified. They have known of the hacker attack since December when security experts found a BeautifulPeople database that was left vulnerable in the website’s servers. One of the experts, Chris Vickery at MacKeeper, reported on the breach and contacted the website to repair the security hole caused by the attackers. BeautifulPeople made this official statement regarding the data breach:
“The privacy and security of our members is of paramount importance to us, and this matter is being investigated. All impacted members are, of course, being notified once again. The data does not contain any credit card information and user passwords are encrypted. As far as we were aware, at that time, only the two security researchers who informed us of the breach had access to this data. The data said to be accessible on the ‘dark web’ is the same data as the two security researchers accessed and downloaded in the December 2015 breach.”
Vickery, when asked, denied any role in leaking the data:
“I operate above reproach and would never do such a thing,” Vickery told the media.
Most of the stolen data includes the addresses, email addresses, height, employment, education, income and locations visited by the victims. About 15 million messages were also made public by the hackers.
According to Hunt, 170 profiles were discovered from United States government employees who signed up under their .gov email addresses to the website.