September 17, 2021 - Blog
Hacker sells 27 million passwords from dating site
A hacker claims to have sold the passwords for 27 million users of the dating site Mate1. The alleged sale was completed in a hacker forum called “Hell” located on the dark web, a portion of the internet accessible through the Tor browser. The Mate1 server was vulnerable and the hacker was able to bypass security measures and gain control of the server.
Reporting for Motherboard, Joseph Cox verified a sample of the login credentials the hacker was selling. “Out of 500 addresses, 498 were linked to accounts on Mate1.com.” The asking price for the database of 27 million login credentials was 20 bitcoin, about $8,700, though the final sale price has not been verified.
A running counter on the Mate1 website claims the site has over 31 million users. The hacker claimed to have originally found the login credentials for 40 million accounts, but that millions of those accounts belonged to bots. A bot is a program which performs an automated function such as sending or replying to messages. A similar discovery was made in the midst of the high profile Ashley Madison hack. According to Gizmodo, the Ashley Madison site had an army of female chat bots called “engagers” programmed to interact with male users, creating the illusion that the site was full of female members.
A dating site breach might not be viewed as having the same urgency as hackers attacking a bank or medical facility. Nonetheless, the exposure of such information can create a chain reaction in which credentials from the breach are used to facilitate other cybercriminal behavior. Many users recycle the same password across multiple accounts and cybercriminals are aware of this. Additionally, the aggregate profile information may be used to orchestrate targeted phishing attacks. As of this writing, Mate1 has not releasted a statement regarding the breach.