Two homosexual hookup web sites have been breached with delicate and private consumer knowledge stolen and offered on-line, new stories have claimed.
The databases, which are actually being offered on darkish net boards, have been taken from platforms referred to as TruckerSucker, and CityJerks.
They comprise sufficient personally identifiable info to have interaction in identification theft (opens in new tab), corresponding to usernames and passwords, electronic mail addresses, profile photos, sexual preferences, beginning dates, postal addresses, IP addresses, and bios. The passwords are encrypted, however in line with TechCrunch, the algorithm is “weak” and might be damaged by a extra persistent hacker.
The silent remedy
HaveIBeenPwned founder Troy Hunt, who was tipped off on the leak, described the incident as a “typical discussion board breach, albeit with tremendous delicate content material.”
Nevertheless the content material contains extra than simply identification knowledge, as there are additionally messages customers exchanged, together with arranging conferences and describing their sexual preferences.
In complete, greater than 80,000 folks have been affected by this incident, the publication states. Roughly 8,000 TruckerSucker customers have been compromised, along with 77,000 folks from CityJerks.
In the mean time, the house owners and maintainers of those two web sites are silent on the matter.
The 2 web sites share an nearly equivalent visible design, which could imply they’re operated by the identical firm and might be utilizing the identical content material administration system (CMS), which is perhaps why the attackers managed to breach simply these two. Sadly, till the house owners share any updates, it’s inconceivable to know precisely how they have been compromised, if the menace actors found a zero-day, used any identified malware, or any distinctive social engineering techniques.
If the passwords are as weak because it’s being claimed, a hacker may decrypt them and run them in opposition to different, stronger platforms, corresponding to monetary providers. As customers typically use the identical username/password combos throughout a big selection of providers, this breach may find yourself being much more damaging.
By way of: TechCrunch (opens in new tab)