PlentyofFish Hacked, Founder Emails Hacker's Mom 367
hellkyng writes "The online dating site PlentyofFish was hacked, and purportedly 30 million customer records were stolen. The site's founder, Markus Frind, is blaming the security researcher who discovered the vulnerability and the journalist who confirmed the issue."
The researcher who reported the vulnerability is Chris Russo, one of the guys who hacked The Pirate Bay last year. He explained his side of the story as well. Mr. Frind says he tracked down Russo's Facebook page and emailed his mom.
Re:should not affect slashdot crowd (Score:2, Informative)
Re:makes sense (Score:4, Informative)
Specifically, there's a link in the article to Marcus Frind's blog [wordpress.com], in which he claims in the same paragraph that "This was an incredibly well planned and sophisticated attack" and that "It took Chris Russo 2 days to break in; he didn’t even try to hide behind a proxy, signed up under his real name and executed the attacks while logged in as himself." Fortunately, Frind then "closed the breach if indeed there was one."
Now, it's entirely possible- since both of them obviously want to sound as cool as possible- that Chris Russo was hoping to land a security gig with POF, and said some things to suggest urgency and encourage Frind to hire him. But, frankly, Frind, on his own blog, sounds like a disjointed paranoid, talking about how damn clever he is for foiling this wily hacker. Who discovered the plaintext password storage the site uses. If they're both wankers, I'd still give credit to Russo rather than Frind. I use POF myself (with the requisite sense of shame), and the site's asking for password resets because "an argentinian hacker accessed the site." Oh, and here's the brilliant method of getting new passwords; first you enter your email (which an exploiter would already know), then you enter your current password (which the exploiter would know), and your new password. So I guess all the users are pretty much safe! :D