Following hot on the heels of the Sourceforge hack, the same thing happened at PlentyOfFish.com last week, leaving Markus Frind, the CEO of the popular dating website, angry and exhausted as he points out in detail on his blog;
This is not a statement from Plentyoffish, i’ll post something in the morning. This is a personal post about what it feels like to be hacked /extorted and the intense pressure and stress you are put under. Not to mention how annoying it is to have someone constantly harassing and trying to scare your wife at all hours of the day. I think a slept a total of 2 hours a night for a week….. Plentyoffish was hacked last week and we believe emails usernames and passwords were downloaded. We have reset all users passwords and closed the security hole that allowed them to enter.
Frind has even identified the person behind the attack, that being Chris Russo, an Argentine hacker who had last summer hacked The Pirate Bay and only signed up to PlentyOfFish for two days before allegedly gaining access to their servers and sensitive data.
The ordeal, however, took a sordid twist when Frind alleged that Russo also contacted his wife by leaving a voice message, claiming that the Russians were coordinating a large scale attack, were planning to steal 30 million dollars from him, had already gained access to his PC, and were going to kill him.
Russo refuted the allegations directly on Frind's blog, stating:
"Noone(sp) of my team make any harm, or copy of the database, he should be able to see that in the logs before talking random crap about me, me team, we only made a proof of concept, in order to communicate Markus about the vulnerability."
The Next Web was also contacted directly.
“Russo notes: The Last Friday 21 of Januray(sp), we discovered a vulnerability in www.plentyoffish.com exposing users details, including usernames, addresses, phone numbers, real names, email addresses, passwords in plain text, and in most of cases, paypal accounts, of more than 28,000,000 (twenty eight million users). This vulnerability was under active explotation(sp) by hackers.”
The story takes a final bizarre twist. Russo also claimed to The Next Web that Frind was in the process of hiring him as a security consultant for exposing the exploit. Whatever happened, one thing is for sure, both sides of the issue don't agree on the outcome.