A hacker on ‘Hell,’ a dark web hacking forum, claims to have gained access to over 27 million plaintext passwords from Mate1.com, which he says he later sold. The asking price was 20 bitcoin ($8,700) although the actual sales price is unknown at this time.
“We're hunting for awesome startups”
Run an early-stage company? We're inviting 250 to exhibit at TNW Conference and pitch on stage!
“Their server was compromised and the MySQL database was dumped,” the hacker told Motherboard. “I had shell/command access to their server.”
The shocking part is that it appears Mate1.com hosted the files in plaintext without any hashing. I tested this by creating an account and then clicking the “forgotten password” link only to have my full password emailed to me in plaintext.
If you or someone you know has a Mate1.com account, it’s time to change passwords.
The dangerous thing about these hacks isn’t that someone has compromised an online dating account, it’s that many users share passwords between services, so a Mate1.com password might also be used for Gmail, Amazon, or a bank account.