Breach, Compliance Management, Data Security, Privacy, Threat Management

Info on 1.2M users sold on dark web after breach

The personal information of 1.2 million members of the “exclusive” dating site has surfaced for sale on the dark web following a breach that occurred last year.

Haveibeenpwned creator Troy Hunt spotted the information, including names, passwords, sexual orientations, beauty ratings, dates of birth, drinking habits, education levels, email addresses, income levels, job titles, and other data, according to haveibeenpwned. told in an emailed statement that the information for sale is from the initial breach and only involves data that was provided by members prior to mid-July 2015.

“All impacted members are, of course, being notified once again,” the statement said.

MacKeeper Security Researcher Chris Vickery, who initially discovered the data on an exposed company server in December 2015, told via email comments that the information was unprotected and accessible by an IP address  when he found it.

He said the dating website simply published an open database into the world that was accessible to anyone with the IP address.

“The malicious people that have been selling it probably found the very same server and downloaded it directly from BeautifulPeople,” he said.

The dating website said that they are only aware of two security researchers, presumably Hunt and Vickery, accessing the data when the breach was reported to them last year. initially said only “test servers” were compromised, according to Wired, but Vickery suggested this was done only to make the breach sound “less severe.”

“The server may have indeed been a ‘test,' BUT they put real data into this ‘test' server,” Vickery said.   

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.