Online Canadian dating Web site PlentyOfFish.com has been hacked, exposing the personal information and passwords associated with almost 30 million accounts. The site’s founder Markus Frind claims that only 345 accounts were successfully stolen, and claims the hack was part of an extortion plot.
Brian Krebs was contacted by a hacker claiming he’d found flaws in the dating site. In January, he was contacted again, and told that the hacker and some friends had found more bugs that let them view account and password information on any PlentyofFish user, and that the information was being circulated in the hacker community. He proved the flaws existed by having Krebs create a free account on the site, and read him Krebs’ own registration information.
Krebs contacted the owner of the site, but got no reply. He asked the hacker if he had any other contact information for Markus Frind or other admins. He had them all, and provided the phone number of Frind’s friend, Annie. Want the rest of the details? Check out Krebs’ website. Got an account there? Change that and any other passwords that may match. They were apparently storing passwords in plain text… (tsk tsk)