Feeds

Dating site and hacker in online spat over security breach

No love lost

The Power of One eBook: Top reasons to choose HP BladeSystem

The founder of Canadian dating website PlentyOfFish.com has become embroiled in an online spat with a white-hat hacker who found security bugs on the site and a reporter who began asking questions about the flaw.

Markus Frind, the founder and chief executive of Plenty of Fish, claims he was approached by someone who exported 345 users accounts from pof.com's database before trying to convince the site to hire his crew as a security team. If PlentyofFish.com didn't play ball, then the hacker threatened to go to the press, according to Frind, who said he interpreted the action as attempted extortion.

However, the Argentinian hacker who approached the site, Chris Russo, said he was only trying to warn PlentyofFish.com of a security vulnerability he had found. Russo created a proof of concept demo of the vulnerability, which he shared with former Washington Post staffer Brian Krebs, who runs the Krebs on Security blog, around a fortnight ago.

Krebs set up a free account on the site, details of which Russo was able to recite back to him thanks to a flaw that meant you could view account and login credentials on any of the 30 million registered members of the site. Convinced there was a potential problem, Krebs approached PlentyofFish.com for comment.

Frind reportedly stalled Krebs' questions for several days before posting a rambling blog post accusing Russo of spinning bizarre yarns about unearthing threats by the Russian mafia to blackmail PlentyofFish and other dating sites and supposedly claiming his life was in danger, all to support the attempted hacking and extortion of PlentyofFish.com. The same post indirectly accuses Krebs of participating in the extortion scam, before backtracking on that clearly unfounded claim.

PlentyOfFish.com admits there was a security hole on the site but said it was minor and had been resolved by a recently applied (precautionary) password reset. Krebs reckons the site got into problems because it stored user login credentials in plain text, a point PlentyofFish disputes.

The two conflicting versions of events can be found in a heavily commented upon blog post by Frind here and a rival retelling of events by Krebs here. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.