Company decided not to press charges, rewards hacker

Jan 29, 2015 14:50 GMT

Online dating website Topface completed its investigation of a breach that caused the leak of 20 million user email addresses and remedied the issue without endangering the data of its visitors.

A report from Easy Solutions released last week said that a hacker managed to steal the information from the servers of Topface and put it out for sale to the highest bidder.

Hacker agrees to report future vulnerabilities

The CTO of the company said that the list included more than seven million addresses from Hotmail, 2.5 million from Yahoo, and 2.2 million from Gmail.

Today, Topface CEO Dmitry Filatov said via email that the user information is safe and the risk of the database falling into the wrong hands has been eliminated.

This was achieved by contacting the hacker who stole the email details, who had not disclosed them to anyone else and agreed not to do so in the future.

In exchange, Topface decided not to press any charges and also gave him a reward of a few thousand dollars for finding a weakness in the service.

Furthermore, the hacker, who goes by the alias Mastermind, agreed to cooperate with the Russia-based company to improve data protection measures. Filatov says that Mastermind will report vulnerabilities as he finds them.

Topface does not store sensitive information

“He [Mastermind] has confirmed the findings of our investigation and has made an agreement with Topface for no further distribution of acquired email addresses database. Due to the fact that he has not passed the data to anyone and has no intention to do so in the future, we will not accuse him, moreover, we have paid him an award for finding a vulnerability and agreed on further cooperation in the field of data security,” Filatov said via email.

It is worth noting that the email addresses were the only details accessed by the hacker. Passwords and content associated with the users’ accounts (private messages or images) were never at risk.

Topface does not store any financial information and more than 95% of the users authenticate with credentials for social networks. However, the website visitors using an email address to log in have been alerted and advised to change their password.

According to statistics on the website, there are more than 91 million people using the service and more than half are from countries outside Russia.