Russian online dating firm, Topface, which is said to have 92 million users, has forked out an undisclosed amount of cash to a hacker who stole 20 million user email addresses and put them up for sale.
Dmitry Filatov, CEO of the St. Petersburg-based dating service, said that, as the hacker had not passed the data on to anyone, no charges would be brought against him or her.
And rather than describing the payment as a ‘ransom’, Topface is calling it “an award for finding a vulnerability”. Details of the vulnerability discovered have not been made public and the hacker is now rumoured to be working with Topface as a consultant of sorts.
Filatov said that the attacker had not accessed any data other than email addresses, such as passwords or private messages.
Jason Hart, VP of cloud services, identity and data protection at digital security firm Gemalto, described it as a hack that could easily have been prevented.
He said: “It’s important to look at what form of security their customers were using. According to the company’s statement, customers use single sign-on (SSO) to access their accounts. Although some believe that this is a secure way to authenticate users because it bypasses passwords, SSO allows a user to use the same credentials (user name and password) to access many accounts and therefore, if the SSO account is still only using a static password, it is still weak. Thus, it’s very important that companies enable One-Time Password (OTP) technology when using SSO, because there are more accounts at risk of being a target.
“Alongside the combination of OTP technology and SSO, we’d recommend that companies adopt a ‘secure breach’ approach that focuses on securing the data once intruders penetrate the perimeter defences. This means they need to attach security directly to the data itself using multi-factor authentication and data encryption, as well as securely managing encryption keys. That way, if the data is stolen, it is useless to the thieves.”
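Hart’s point that a static SSO password needs an OTP second factor, worked through as an added example that is not Topface’s or Gemalto’s code: a minimal login check that requires both a salted password hash and a time-based one-time password (RFC 4226 HOTP under RFC 6238 TOTP), tolerating one step of clock drift and refusing to accept a time step that has already been used. The account, password and OTP secret (the RFC test key) are constructed for illustration; a real deployment would store the secret encrypted and rate-limit attempts.

```python
"""Static password + TOTP second factor for an SSO-style login (RFC 4226 / RFC 6238).

Added illustration; not code from Topface or Gemalto. Account data is constructed.
"""
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // step, digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-SHA256; the static factor is never stored in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class Account:
    """Constructed account record: password hash, OTP secret and replay guard."""

    def __init__(self, password: str, otp_secret: bytes):
        self.salt = os.urandom(16)
        self.password_hash = hash_password(password, self.salt)
        self.otp_secret = otp_secret
        self.last_counter = -1  # highest time step already consumed by a login


def verify_login(account: Account, password: str, code: str, unix_time: int,
                 step: int = 30, window: int = 1) -> bool:
    """Both factors must pass: the static password and a fresh TOTP code.

    Codes for the current step and +/- `window` steps are accepted (clock drift),
    but a step at or below `last_counter` is refused so a captured code cannot be replayed.
    """
    password_ok = hmac.compare_digest(
        hash_password(password, account.salt), account.password_hash
    )
    counter = unix_time // step
    matched = None
    for c in range(counter - window, counter + window + 1):
        if c <= account.last_counter:
            continue  # already used (or older than a used step): replay, reject
        if hmac.compare_digest(hotp(account.otp_secret, c), code):
            matched = c
    if password_ok and matched is not None:
        account.last_counter = matched
        return True
    return False


if __name__ == "__main__":
    # RFC 6238 test key; at T=59 the 6-digit code is 287082.
    acct = Account("correct horse battery staple", b"12345678901234567890")
    print(totp(acct.otp_secret, 59))                                   # 287082
    print(verify_login(acct, "correct horse battery staple", "287082", 59))  # True
    print(verify_login(acct, "correct horse battery staple", "287082", 59))  # False: replay
```

The password alone never grants access, which is the property Hart is asking for; the replay guard and the constant-time comparisons are the two details that a naive "check the code matches" implementation usually misses.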
Filatov apologised to Topface users for any inconvenience and reassured them that the company plans to improve its data-protection systems, according to the statement.