Some “not so beautiful people” may have taken revenge on dating site BeautifulPeople.com after what is believed as the portal’s database has been breached and about 1.1 million user data sold on the black market.
The leaked personal information of BeautifulPeople.com users was found through the search engine Shodan, when security researcher Chris Vickery searched the port assigned for MongoDB, a software for database management use. If left with no password, a MongoDB account will always be susceptible to attacks.
Although Beautiful People moved to address the situation, it was too late because it appeared that some unidentified party had already stolen the dataset and gone on to sell the information on the black market. Beautiful People, however, downplayed the data breach and said the affected dataset only belonged to a test server, not the actual server used for the website’s operations.
Of course the argument does not make sense, because even if the breached server is a test one, the pieces of information contained in it remain sensitive and personal that the unauthorized to them constitutes privacy violations. So there is no difference between a test and an actual server. The website says that the breach affects information submitted to the website before mid July 2015 through the signup page. Site users who signed up for BeautifulPeople.com before December 24 last year may have been affected by the breach.
The BeautifulPeople.com hack comes on the heels of last year’s breach into the website of Ashley Madison, a website dedicated to infidels and adulterers. Beautiful People would like us to believe the breach on its website is less severe than that of Ashley Madison, claiming that the hack did not result in the leak of passwords and financial information of the users.
There are a couple of reasons why the BeautifulPeople.com breach should concern you as a private individual, not least because you want your relationship to be private as much as possible. More to the point, the breach exposed email addresses, phone numbers, and salary information to potential hackers and identity thieves. It also affected millions of private messages sent and received by the site’s members.
The breach also highlighted the poor security practices of MongoDB prior to its transition to the version 3.0. Previously, the software did not have credential requirements. But at the end of the day, the responsibility of protecting sensitive information lies in the company holding those data like BeautifulPeople.com. The website clearly committed negligence on it part.
