The personal information of 1.2 million members of the “exclusive” dating site BeautifulPeople.com has surfaced for sale on the dark web following a breach that occurred last year.
Haveibeenpwned creator Troy Hunt spotted the information, including names, passwords, sexual orientations, beauty ratings, dates of birth, drinking habits, education levels, email addresses, income levels, job titles, and other data, according to haveibeenpwned.
BeautifulPeople.com told SCMagazine.com in an emailed statement that the information for sale is from the initial breach and only involves data that was provided by members prior to mid-July 2015.
“All impacted members are, of course, being notified once again,” the statement said.
MacKeeper security researcher Chris Vickery, who initially discovered the data on an exposed company server in December 2015, told SCMagazine.com in emailed comments that the information was unprotected and accessible via an IP address when he found it.
He said the dating website simply published an open database to the world, accessible to anyone with the IP address.
“The malicious people that have been selling it probably found the very same server and downloaded it directly from BeautifulPeople,” he said.
The dating website said that it was aware of only two security researchers, presumably Hunt and Vickery, accessing the data when the breach was reported to it last year.
BeautifulPeople.com initially said only “test servers” were compromised, according to Wired, but Vickery suggested this was done only to make the breach sound “less severe.”
“The server may have indeed been a ‘test,’ BUT they put real data into this ‘test’ server,” Vickery said.