Data Breach Affects 1.1 Million Customers of Beautiful People Dating Website
BeautifulPeople.com, a dating website that only lets people join after they’ve been deemed desirable by existing members, was recently breached. The personal data of 1.1 million members was stolen from an insecure database and listed for sale on the black market. Forbes has reported that 15 million private messages between users may also have been leaked.
Security researcher Chris Vickery first uncovered a problem in December 2015 when he discovered that MongoDB, a database-management software used by BeautifulPeople.com, had blank default credentials. This meant that anyone who used the server without setting up their own password would be vulnerable to hackers.
“A database came up called, I believe, Beautiful People. I looked in it, and it had several sub-databases. One of those was called Beautiful People, and then it had an accounts table that had 1.2 million entries in it,” says Vickery. “When that type of thing comes up and it’s called ‘Users,’ you know you’ve hit something interesting that shouldn’t be available.”
Vickery told BeautifulPeople.com that their database was exposed, and they secured it–apparently not quickly enough, though, as someone acquired the information and is now selling it on the black market.
BeautifulPeople.com told Wired that: “The breach involves data that was provided by members prior to mid July 2015. No more recent user data or any data relating to users who joined from mid July 2015 onward is affected.” The company also said that it is notifying affected members.
While no passwords or financial data were exposed, members’ sexual preference, physical characteristics, relationship status, income and address were all leaked.