Russian Dating Website Buys Back 20 million Stolen Email Addresses

Russian online dating firm, Topface, which is said to have 92 million users, has forked out an undisclosed amount of cash to a hacker who stole 20 million user email addresses and put them up for sale.

Dmitry Filatov, CEO of the St. Petersburg-based dating service, said that, as the hacker had not passed the data on to anyone, no charges would be made against him or her.

Ransom or award?

And rather than describing the payment as a ‘ransom’, Topface is calling it “an award for finding a vulnerability”. Details of the vulnerability discovered have not been made public and the hacker is now rumoured to be working with Topface as a consultant of sorts.

Filatov said that, beyond the email addresses, the attacker had not accessed any other data, such as passwords or private messages.

Topface is recommending that customers change their passwords, although Filatov added that about 95 percent of the dating website’s users access the service through their own social media accounts, and the company store users’ billing information.

Jason Hart, VP cloud services, identity and data protection at digital security firm Gemalto, described it as a hack that could have easily been prevented.

He said: “It’s important to look at what form of security their customers were using. According to the company’s statement, customers use Single-Sign On (SSO) to access their accounts. Although some believe that this is a secure way to authenticate users because it bypasses passwords, SSO allows a user to use the same credentials (user name and password) to access many accounts and therefore, if the SSO account is still only using a static password it is still weak. Thus, it’s very important that companies enable One-Time Password (OTP) technology when using SSO, because there are more accounts at risk of being a target.

“Alongside the combination of OTP technology and SSO, we’d recommend that companies adopt a ‘secure breach’ approach that focuses on securing the data once intruders penetrate the perimeter defences. This means they need to attach security directly to the data itself using multi-factor authentication and data encryption, as well as securely managing encryption keys. That way, if the data is stolen, it is useless to the thieves.”

Filatov apologised to Topface users for any inconvenience and reassured them that the company plans to improve its data-protection system, according to the statement.

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.
