Vanity dating site BeautifulPeople popped
Sysadmins: check your MongoDB defaults or you WILL suffer
A December breach dismissed as minor at the time has turned ugly for dating-for-narcissists site BeautifulPeople.
Security researcher and architect of HaveIBeenPwned, Troy Hunt, has told Forbes 'net scum are now offering data from a million BP users for sale.
The site, which once, inexplicably and unforgivably, judged that El Reg hacks don't count as beautiful, collected the usual hoard of information about its users – user ID, email address, location data, physical characteristics, jobs, sexual preferences and more, all of which is in the compromised profiles.
Researcher Chris Vickery told Forbes the information was copied from an unsecured test server running MongoDB.
MongoDB has proven problematic for sysadmins wanting security.
BeautifulPeople told Forbes passwords and financial data were not at risk and claimed to have notified all affected users.
So there's only enough information leaked to mount a halfway-decent identity theft campaign, instead. ®