PlentyofFish Hacked, Founder Emails Hacker's Mom 367
hellkyng writes "The online dating site PlentyofFish was hacked, and purportedly 30 million customer records were stolen. The site's founder, Markus Frind, is blaming the security researcher who discovered the vulnerability and the journalist who confirmed the issue."
The researcher who reported the vulnerability is Chris Russo, one of the guys who hacked The Pirate Bay last year. He explained his side of the story as well. Mr. Frind says he tracked down Russo's Facebook page and emailed his mom.
Password in plaintext email (Score:5, Interesting)
I was on the site for a while. It was always slightly clunky, but I'd prefer a free, one-man labor of love to a buy-in site that basically tries to promise sex for money. It was particularly helpful in helping me discover that I wasn't as bad as most of the creeps out there... and conversely, creepiness doesn't belong exclusively to those of the male persuasion. That was good to know -- it helped me realize that I need to be picky. (And my pickiness was rewarded many times over when I found my fiancee. In my Sunday School class).
But on the tech side, it irritated the living crap outta me that POF would send me a weekly e-mail with my password IN PLAIN TEXT. Every week, just as a reminder of how easy it would be to log in. Yeah, easy for *anyone* to log in as me and, if I were foolish enough to put important information on POF, to mess with my life. And, of course, if I were foolish enough to use that password for my bank account... well, I think anyone on this site knows the rest.
So I'm not at all surprised that someone found a way to hack POF. Sending a password in plaintext is bad, but not uncommon. Heck, T-Mobile does it. But sending it every week, unsolicited? I'm sorry to be rude, but that's just stupid.
Re:Password in plaintext email (Score:3, Interesting)
I used POF, and found its interface to be absolute shit. I still get emails from them on a bi-weekly basis, with password still in plaintext (after noticing this the very first time I immediately changed it to something more appropriate to something emailed in plaintext). The guy who runs it makes like $1mil+ a month in ad revenue, so I don't really feel bad about his baby getting hacked when he has the money to hire someone with half a brain.
Markus' Email to Chris Russo (Score:5, Interesting)
If this data goes public I am going to email every single effected user on Plentyoffish your phone number, email address and picture. And tell them you hacked into their accounts.
Then i'm going to sue you In Canada, US and UK and argintina. I am going to completely destroy your life, no one is ever going to hire you for anything again, this isn't piratebay and we definately aren't fooling around.
Markus.
That *was* the traditional penalty (Score:5, Interesting)
Back when Cheswick and Bellovin were doing the original Bell Labs firewalls, and caught a Dutch teenager trying to hack into their site, the Netherlands didn't have any computer security laws that made it illegal. "So we called his mom...."
Re:should not affect slashdot crowd (Score:4, Interesting)
You must have seen my little sisters profile, she will kill me if she know I was joking about her.
She keeps telling me about how I can meet a nice girl there after breaking up with my whore ex.
Right after she tells me about all the dirty old men, halfwits and creeps she has to filter through.
Re:Password in plaintext email (Score:4, Interesting)
Hmm....just how many girls on the websites are you approaching? You know, it is really a HUGE numbers game on the internet, maybe even more so than in real life meatspace.
Are you trying to contact 100's or more of women a week?
Make yourself out a basic 'template' of an email to use...with some spaces in there to maybe personalize your message a little bit...maybe to mention one specific thing you read about her (if you bother reading them, and don't go straight from looks). Anyway, use this basic 'canned' email and send it out over and over and over and over and...well, you get the idea. Heck, even send it to chicks you might not even be interested in, just to gage response. If it doesn't work...tweak it a little.
I actually heard some guys did the reverse engineering thing...they created a fictitious account as a chick, with good looking pics and all...just for the sole objective...of seeing what other guys were posting on their profiles, and the types of emails they were sending. Some guys doing this, even would have girls that were just friends, read what they guys were sending, just to see what they thought they as women would respond to.
The researchers used all this to tune their emails to women, and started getting a lot more response (of course, they STILL sent out 100's and 1000s of emails to women, but they were better quality emails.
Typical CEO (Score:5, Interesting)
Reading both accounts of the story (one from the CEO, the other from the security expert), it seems to be a case of "who do you believe". All we truly know is that the site was hacked, these guys were involved somehow, and now they're mad at each other. Everything else is just based on what one side or the other says.
That said, looking through the blog postings of the CEO, he strikes me as having the classic case of paranoid narcissist personality disorder. Every other posting is a rant about how his competitors are all out to get him. Everything they do is about HIM and a response to HIS business. When eHarmony does something, it's not just an innocent business expansion, it's a direct personal attack on this guy. I've worked with presidents and CEOs who use similar wording to this CEO in their daily speech, and whose nuances and mannerisms seem to match this guy's perfectly. Although my examples are only anecdotal, I'd be willing to bet this disorder is quite common among business leaders.
Not knowing more about the situation and only having their two accounts to go with, I would probably fall on the side of believing the security expert's account more, just looking at the level of paranoia and exaggeration in the CEO's blogging history.