Did Anyone Learn from the Ashley Madison’s Breach?
It should really come as no shock to anyone these days that an online dating website has been hacked. The latest subject of attack is self-proclaimed ‘elite’ dating website BeautifulPeople.com, which has suffered a massive database leak, exposing the personal and sensitive information of 1.1 million users.
According to HaveIBeenPwned, a data breach notification website, the leaked user data includes a whopping 15 million personal messages between users, as well as:
- Beauty ratings and physical attributes
- Sexual preferences
- Car and home ownership status
- Geographic location
- Income level
- DOB, Gender
- Job Title including real name
- Drinking and smoking habits
- Education level
- IP addresses and website activity
The data breach was initially discovered in December of 2015, by Forbes researcher Chris Vickery. In a statement to Forbes, Beautiful People owners said: “We can confirm we were notified of a breach on December 24, 2015 of one of our MongoDB test servers. This was a staging server and not part of our production database. The staging server was immediately shut down.”
Members need to be voted in by members of the opposite sex, as to maintain the self-proclaimed “playground for the aesthetically blessed” status of the website. [i]
However, it seems like cyber criminals got their hands on the data before the servers were shut down. According to Troy Hunt, who runs HaveIBeenPwned, the data is not only available but is already been traded online on the dark web. Two BeautifulPeople.com users have confirmed that their information was in the leaked database, which did include encrypted passwords. In a post to Twitter, Hunt also said that 170 government credentials have been used to sign up to the website.
We continuously read about stories regarding enterprise companies being hit with massive data breaches, especially from companies whose clientele relies upon and trusts them to safeguard their information. At Secure Sense we believe that it is better to act, than react – always assume you’re under constant attack. With this mentality, organizations need to understand and make a commitment to better data protection. As we have previously blogged, some of the best practices for database security include Data Masking, Encryption, implementing a DAM and ensuring Tighter Roles and Separation of Duties.
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.
[i] Image retrieved from Daily Mail: http://www.dailymail.co.uk/sciencetech/article-3558121/Elite-dating-site-BeautifulPeople-com-hit-hack-experts-warn-sexual-preferences-income-1-1-million-members-sold-online.html