PlentyOfFish hacked: Personal details compromised

Following hot on the heels of the SourceForge hack, the same thing happened at PlentyOfFish.com last week, leaving Markus Frind, the CEO of the popular dating website, angry and exhausted, as he explains in detail on his blog:

This is not a statement from Plentyoffish, I'll post something in the morning. This is a personal post about what it feels like to be hacked/extorted and the intense pressure and stress you are put under. Not to mention how annoying it is to have someone constantly harassing and trying to scare your wife at all hours of the day. I think I slept a total of 2 hours a night for a week... Plentyoffish was hacked last week and we believe emails, usernames and passwords were downloaded. We have reset all users' passwords and closed the security hole that allowed them to enter.

Frind has even named the person he believes is behind the attack: Chris Russo, an Argentine hacker who hacked The Pirate Bay last summer and who had only signed up to PlentyOfFish two days before allegedly gaining access to its servers and sensitive data.

The ordeal, however, took a sordid twist when Frind alleged that Russo also contacted his wife by leaving a voice message, claiming that the Russians were coordinating a large scale attack, were planning to steal 30 million dollars from him, had already gained access to his PC, and were going to kill him.

Russo refuted the allegations directly on Frind's blog, stating:

"No one of my team make any harm, or copy of the database, he should be able to see that in the logs before talking random crap about me, my team, we only made a proof of concept, in order to communicate Markus about the vulnerability."

The Next Web was also contacted directly.

Russo notes: "The last Friday, 21 of January, we discovered a vulnerability in www.plentyoffish.com exposing users' details, including usernames, addresses, phone numbers, real names, email addresses, passwords in plain text, and in most of cases, PayPal accounts, of more than 28,000,000 (twenty eight million) users. This vulnerability was under active exploitation by hackers."

The story takes a final bizarre twist. Russo also claimed to The Next Web that Frind was in the process of hiring him as a security consultant for exposing the vulnerability. Whatever actually happened, one thing is certain: the two sides do not agree on how it played out.


26 Comments


WooHoo..... Couldn't have happened to a better site. POF is a piece of cr$%.... they keep perma-banning my IP & accounts, forcing me to sign up using proxies. Do you know how hard it is to find a proxy that hasn't been banned by POF?

I've been wanting to learn hacking for the sole purpose of hacking POF & Whirlpool (another POS website). Let's hope Russo wanders by Whirlpool soon....

So, just don't use Plenty of Fish is all I'm getting from this, as it seems POF and/or security experts cannot see eye to eye. Only bad for users.

According to my roommate, they send an email weekly to users with their "latest matches" and they transmit the password in plain text along with that email. Yikes!

Plenty of Fish has been criticized for some security problems for years. They knew about the problems and refused to fix them.

Okcupid is much better.

I'm amazed that anyone even uses PlentyOfFish. I tried it for a couple days and quickly decided it was not up to par. It's about one step above Craig's List on aesthetics and functionality. In contrast, OKCupid really does everything right.

Skwerl said,
I'm amazed that anyone even uses PlentyOfFish. I tried it for a couple days and quickly decided it was not up to par. It's about one step above Craig's List on aesthetics and functionality. In contrast, OKCupid really does everything right.

Plenty of fat fish on there biting at me.... if only I liked the taste lol.... OKCupid is much better IMHO.

Skwerl said,
I'm amazed that anyone even uses PlentyOfFish. I tried it for a couple days and quickly decided it was not up to par. It's about one step above Craig's List on aesthetics and functionality. In contrast, OKCupid really does everything right.

My sister-in-law JUST got her first computer. She already knew of GiveMeFacebook, but the first site she found on her own was this crap site (PlentyofFish)!!

Agree that no one deserves to have their stuff compromised, but on these types of sites, they deserve it!!

Well, normally any business with any kind of sense would, but.. you know the kind of security practices a lot of businesses use..

Miuku said,
Well, normally any business with any kind of sense would, but.. you know the kind of security practices a lot of businesses use..

Normally it works by storing the password as an MD5 hash. This makes the copied database version secure, as the hash will not give away the user's plain text password and cannot be used to log in. However, by using rainbow tables (MD5 hash to plain text) or brute force, you can find a plain text equivalent which works in the username/password box.
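The comment above is right that a leaked table of bare MD5 hashes only holds up until someone runs it against a precomputed table. The following is an added example, not code from the article, from PlentyOfFish or from any commenter, that shows both halves of the point: an unsalted MD5 hash falls to a simple lookup, while a salted and iterated hash (PBKDF2-HMAC-SHA256 from Python's standard library, used here as a stand-in for bcrypt, scrypt or Argon2, which are the usual recommendations) defeats that lookup and still lets the site verify logins. Every user, password and the tiny "rainbow table" are constructed sample data.

```python
# Added example (not from the article or any commenter): unsalted MD5 password
# storage versus a salted, iterated hash. All passwords, users and the lookup
# table below are constructed sample data.
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-in for a precomputed (rainbow-style) table: MD5 of a few
# common passwords. A real table is the same idea at a much larger scale.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "iloveyou"]
MD5_LOOKUP = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def md5_store(password: str) -> str:
    """The scheme the comment describes: bare MD5, no salt, no work factor."""
    return hashlib.md5(password.encode()).hexdigest()


def md5_lookup(stored_hash: str) -> Optional[str]:
    """Recover a plaintext from an unsalted MD5 hash by table lookup alone.
    Returns None when the hash is not in the table (no hashing work needed)."""
    return MD5_LOOKUP.get(stored_hash)


# Work factor: each verification (and each attacker guess) costs this many
# HMAC iterations. Raise it over time as hardware gets faster.
PBKDF2_ITERATIONS = 200_000


def pbkdf2_store(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, iterated hash. Each user gets a random 16-byte salt, so a table
    built for one salt is useless for every other user, and two users with the
    same password do not share a hash. Format: algo$iterations$salt$digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in
    constant time so the comparison itself does not leak anything."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def shared_password_visible(store) -> bool:
    """True if two users with the same password end up with the same stored
    value, i.e. the dump reveals who shares passwords. True for MD5, False for
    a salted scheme."""
    return store("letmein") == store("letmein")


if __name__ == "__main__":
    # What an attacker gets from an unsalted dump: instant answers for anything
    # already in the table, nothing for a strong passphrase.
    for pw in ["letmein", "correct horse battery staple"]:
        print(f"MD5 of {pw!r} -> lookup gives {md5_lookup(md5_store(pw))!r}")
    # What the site keeps with a salted scheme: still verifiable, not lookup-able.
    record = pbkdf2_store("letmein")
    print("stored:", record)
    print("verify right password:", pbkdf2_verify("letmein", record))
    print("verify wrong password:", pbkdf2_verify("password", record))
    print("same password visible under MD5:", shared_password_visible(md5_store))
    print("same password visible under PBKDF2:", shared_password_visible(pbkdf2_store))
```

Run it as a script to see both behaviours side by side. The design point is that the salt removes the value of precomputation and the iteration count makes each remaining guess expensive; neither is something MD5 on its own gives you, which is why "we only stored hashes" is not reassuring when the hashes are unsalted.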

What is going on with the people in this world??? Hacking sites? Can't these groups just let it be and maybe join forces or use their hacking skills for good without being a pain in the ass for the rest of the people?

Reading between the lines, it seems that Russo merely claimed that he exposed a major security hole in the setup (even claiming that Frind was going to hire him), and Frind believes otherwise! Who's to know for sure?

I just love how when your old password fails to work, they don't INFORM you that they were hacked and they RESET your password.

warwagon said,
I just love how when your old password fails to work, they don't INFORM you that they were hacked and they RESET your password.

At least SourceForge let you know!!

presence06 said,
Hmm.. I closed my Paypal account a month ago.. would my data still reside on their servers?

Most definitely. But this is POF. It's all free, isn't it?

ChuckFinley said,

Most definitely. But this is POF. It's all free, isn't it?

I think you can pay for "premium" content.. similar to facebook.

Well, that would explain why I wasn't able to log in with my current password. Thank you, Roboform. Because I use that, I had a special password for just POF. Didn't really have any information on it, I was using the free account. Kind of sucks though that the email was one thing that got out. The one time I don't use my spam email address... Geesh!

warwagon said,
Well, that would explain why I wasn't able to log in with my current password. Thank you, Roboform. Because I use that, I had a special password for just POF. Didn't really have any information on it, I was using the free account. Kind of sucks though that the email was one thing that got out. The one time I don't use my spam email address... Geesh!

Haha, I guess that's what you get for using that site.