14 DAY TRIAL // A database containing details of more than 20 million users of an online dating website has been allegedly stolen by a hacker.
It is unclear at the moment if the information has been dumped into the public domain, but someone using the online alias “Mastermind” claims to have it, according to a post on an undisclosed paste site.
List contains hundreds of domains from all over the world
The individual claims that the details are 100% valid and Daniel Ingevaldson, Chief Technology Officer at Easy Solutions, said in a blog post on Sunday that the list included email addresses from Hotmail, Yahoo and Gmail.
Easy Solutions is a US-based company that provides security products for detecting and preventing cyber fraud across different computer platforms.
According to Ingevaldson, the list contains over 7 million credentials from Hotmail, 2.5 million from Yahoo, and 2.2 million from Gmail.com.
It is unclear if “credentials” refers to usernames and passwords that can be used to access the email accounts or the account of the dating website. Also, it is unknown whether the database stored the passwords in a secure manner or if they were available in plain text.
An email address is often used as the username for an online service, to which the user can log in with a unique password. However, password recycling is a common practice for many users and the same string could be used to sign in to multiple online accounts.
“The list appears to be international in nature with hundreds of domains listed from all over the world. Hackers and fraudsters are likely to leverage stolen credentials to commit fraud not on the original hacked site, but to use them to exploit password re-use to automatically scan and compromise other sites including banking, travel and email providers,” says Ingevaldson.
More information is expected to emerge
According to our sources, the affected website is Topface, an online dating location that touts over 90 million users. The business is headquartered in Sankt Petersburg, Russia, and it advertises that more than 50% of its users are from outside Russia.
We contacted Topface to confirm or deny whether they suffered a breach recently that could have resulted in exposing a database this big; we are yet to receive an answer from the company.
The credentials could have been stolen without perpetrators needing to gain unauthorized access, as Easy Solutions draws attention to the fact that email phishing may also have been used to get the info straight from the clients of the website.
Easy Solutions could not be contacted through the online form available on its website, but we tried alternative communication and are currently waiting for more details.
[UPDATE]: Topface CEO Dmitry Filatov replied to our email saying that at the moment there is no evidence of a security breach on their service.
He also expressed confidence about Topface customers being safe from harm's way even if an intruder managed to take info about them from the service's servers.
"Almost 100% of our users use Facebook and other social networks authorization to access Topface and we have no access to their passwords or any secure data. We also never keep any payment information or other secure information about our users. All the data that we have is e-mail address which can not be used alone to access any secure data. That is why we are pretty sure that our users will not have any problems even if any data was stolen from our service."
However, a list with 20 million email addresses known to belong to users of a specific service could be quite valuable in phishing scams as the fraudulent emails could lure a client into a trap.