Remember the Ashley Madison hack from 2015? On 18 and 20 August, a hacking group called The Impact Team leaked more than 25 gigabytes of company data, user details included. Data breaches of that scale happen quite often and put the personal information of individuals at risk.
Yet another scandalous data breach has leaked the details of more than 1.1 million users of BeautifulPeople.com – a popular dating website. As a result, leaked details are currently up for sale on the Dark Web.
Vulnerable MongoDB Database at Fault for the Data Breach
According to Thomas Fox-Brewster from Forbes, the data breach happened earlier in 2015, as he had known about it since December 2015. That is when Chris Vickery, a MacKeeper security researcher, contacted him and told him about an unsecured database: more precisely, a MongoDB database with no password that was accessible via the Internet.
Later, they contacted BeautifulPeople to let them know about their findings. According to BeautifulPeople, this was only a test server. Nonetheless, the company took it down and the story wasn’t published anywhere.
This is what the company told Forbes in December:
We can confirm we were notified of a breach on December 24th of 2015 of one of our MongoDB test servers. This was a staging server and not part of our production data base. The staging server was immediately shut down.
What Is the Actual Truth?
Even though the already controversial BeautifulPeople claims that no user data was compromised, research by Vickery and Forbes says otherwise. Their research points out that hundreds of personal data attributes, including messages, have been leaked. Some of the information has been uploaded for sale on underground forums. This is a list of stolen user information:
- Names and email addresses;
- Encrypted passwords and geolocation;
- Sexual preferences;
- Hobbies and favorite movies;
- Drinking habits, etc.
In total, over 100 types of personal details have been leaked, including 15 million private messages.
How Can BeautifulPeople Users Make Sure Their Information Is Safe?
HaveIBeenPwned.com, a website by Australian researcher Troy Hunt, has already been updated, and BeautifulPeople users can now check whether their details have been compromised. Anyone who is in doubt about “participating” in a major data breach can go to the website and check.