User names and e-mail addresses of 20 million visitors to a Russia-based online dating service have been hacked and offered for sale on a website, according to fraud-detection software-maker Easy Solutions Inc.
Daniel Ingevaldson, Easy Solutions’ chief technology officer, issued a statement about the breach at Topface -- a website that says it has more than 90 million registered users - - after seeing a posting by the thief, who used the alias ‘Mastermind,’ on an online forum used by cybercriminals.
In a statement, Topface Chief Executive Officer Dmitry Filatov said while he has no proof of the breach, the St. Petersburg-based company is investigating. He sought to reassure users, saying more than 90 percent of them log onto the site via Facebook or other social networks, and that Topface has no access to their passwords and doesn’t keep secure information such as payment data.
“We are pretty sure that our users will not have any problems even if any data was stolen from our service,” he said.
Still, hackers can use stolen credentials to try to access bank accounts, health records or other more sensitive data, Ingevaldson said in a phone interview.
“These aren’t credit cards, but this is a tier-one breach,” he said. “These credentials are like the iron ore of the cybercrime industry.”
Ingevaldson said such personal information usually sells quickly, to fraudsters who use automated software programs to find sites where people used the same information they did to access the dating site.
Fifty percent of the credentials were for people based in Russia, and 40 percent came from the European Union. All told, the 20 million people used e-mail addresses with 345,000 different domain names. Seven million of the people that logged in to the site used Hotmail.com, 2.5 million used Yahoo.com, and 2.3 million used Gmail.com.
Hackers are targeting popular websites to steal user names and passwords that they later use to try break into electronic-payment and mobile-phone accounts. Russia’s largest Internet companies Yandex NV and Mail.ru Group Ltd. reported leakage of millions of user accounts late last year.
Filatov started Topface in 2011. While the site is free to use, customers can pay to get their profiles promoted. The dating service competes with Mamba, Badoo and Tinder, the CEO said.