Private Messages and Credentials From Dating Site ‘Muslim Match’ Exposed

Following the news about Niche dating site, Muslim Match has been breached with nearly 150,000 user credentials and profiles posted online as well as over half a million private messages between users. IT Security experts from MIRACL and AlienVault commented below.

Brian Spector, CEO of MIRACL:

brian-spectoreic“Dating site hacks are becoming a cliché, just like hospitals falling victim to ransomware. There was the controversial Ashley Madison as well as what are probably long forgotten by now, Beautiful People, Plenty of Fish, Match.com, the list goes on and on..

What’s worrying is that Muslim Match doesn’t seem to have been encrypted, which would be the most effective way to keep information free from the prying eyes of hackers. And with data such as personal messages being available to the attackers, we could see a similar scenario to that of Ashley Madison, where users who sent sensitive messages are blackmailed.

With so many breaches in the news each week, no wonder our fundamental trust in the Internet has eroded. But we don’t have to give in to these weekly announcements about mass data breaches. Customers are rightly demanding to be protected when they submit their valuable personal information on the web, and online services need to respond appropriately by securing their websites and replacing the password with more rigorous authentication technologies.”

Javvad Malik, Security Advocate at AlienVault:

Javvad Malik“As last year’s Ashley Madison breach showed, dating websites can cause legitimate distress and even harm to victims that have been affected.

Smaller and niche sites often have fewer resources to dedicate to security, it’s often a case of building a product and gaining market traction before thinking of security. However, no online company is ‘too small’ or unimportant to be targeted by attackers, especially when user data is involved.

Targeting private messages between individuals can expose embarrassing secrets in any environment, this becomes even more apparent for dating sites. The added religious and cultural taboos could make details from this particular breach even more damaging, so blackmail can be a very real possibility.

Where possible, people should consider information on websites to be publicly available. Therefore, they should consider what photos and information they post and share and the potential impact if the content is shared broadly.”

Information Security Buzz