Dating site PAYS cracker for stealing creds
Cheque arrives from Russia with love after fraudster failed in attempt to sell filched logins
A blackhat hacker who stole 20 million credentials and attempted to sell some online has been handed a bug bounty by one of his victims, Russian dating site Topface.
The mix 'n' meet site was hacked last month by blackhat 'Mastermind' who published millions of email addresses online and was found attempting to hawk the credentials on an unnamed criminal bazaar.
Security firm Easy Solutions unveiled the hack and stated crims would likely use the log ins to attempt to access valuable third party websites.
Mastermind did not sell the credentials and struck a deal with the company not to do so in the future.
Under that arrangement Topface awarded the failed fraudster an undisclosed sum.
"Due to the fact that he (Mastermind) has not passed the data to anyone and has no intention to do so in the future, ... we have paid him an award for finding a vulnerability and agreed on further cooperation in the field of data security," the company said in a statement.
"Regarding the character of the leak there was no access to other information - neither passwords, nor content of the accounts [including] private correspondence or photos."
It said 95 percent of users accessed Topface through social networks like Facebook limiting the use of credentials in further attacks.
The stolen published cache included some 7 million Hotmail, 2.5 million Yahoo and 2.2 million Gmail account credentials.
Topface has around 92 million users. ®