Reports of cybercrime attacks from around the world suggest that hackers are becoming more sophisticated, ambitious and brazen. Major feats of malicious hacking are taking place on a daily basis, and the economic damage keeps increasing.
From JPMorgan Chase to eBay and from Domino’s Pizza to Sony, major corporations are falling prey to spectacular cyber breaches, but some of the worst instances of cybercrime are being perpetrated against online dating sites.
The attack against Ashley Madison may have attracted the most media attention due to the salacious nature of that particular website, which encourages members to engage in extramarital sex. The Ashley Madison data breach, however, pales in comparison to the attack suffered by Mate1.com, which was reported in February 2016 but had actually taken place in October 2015.
More than 27 million membership accounts of Mate1.com, a site that is ranked among the top five online dating networks in terms of activity, were sold on the black market for an undisclosed amount. According to the International Business Times, Mate1.com claims to be the most active dating website in the world, which explains the high number of accounts and the scope of this data breach.
Leaked Source, a website that acts as a clearinghouse for databases that have been dumped online for various reasons, explains that the Mate1.com hack started in October 2015. The exact methodology of the hack has not been disclosed; however, analysts believe it may have been carried out by SQL injection to gain access to the server. Other methods that could have been used include physical theft of credentials, an insider leak and social engineering. At any rate, the MySQL database was accessed, copied and dumped.
Although the Ashley Madison attack shares some similarities with the one perpetrated against Mate1.com, it is important to note that the former involved cyber activism while the latter was purely motivated by cybercrime with the intention of obtaining illicit gains. To this effect, the data stolen from Mate1.com was sold on a Dark Web forum known as “Hell.”
At one point, the hacker or hackers responsible for this data breach offered to sell the information for 20 bitcoin, which was less than $9K in early 2016. The sellers made their offering attractive by pruning out accounts known to be controlled by bots, which reduced the number of stolen records from 40 million to 27 million. The final sales price of this black market transaction is not known.
The Leaked Source analysis of this data breach reveals that Mate1.com did not properly hash the username and password credentials of its members. Furthermore, many accounts showed that members used very poor password security when they registered. A major problem of the Mate1.com attack is that whoever purchased the illicit information can now look up members’ data for the purpose of identity theft and try to access other accounts with known passwords.
In the end, users of online services should remember not to use the same email/password combination across various websites.
Sources:
https://www.leakedsource.com/blog/mate1
http://www.ibtimes.co.uk/mate1-com-hack-27-million-account-passwords-emails-have-been-leaked-sold-dark-web-1547166