If you’ve dabbled in Russian online dating services in the past, then you may want to change all your passwords. Popular Russian dating website Topface was hacked earlier this week, revealing the usernames and email addresses of 20 million users.
The leak was discovered after the list of usernames was posted on a Russian black market website. Fraud-detection software manufacturer Easy Solutions Inc. has been credited with discovering the leak.
Topface, found at www.Topface.com, claims to have over 91 million active users. The website is based in Russia but has users all over the world.
Topface CEO Dmitry Filatov said the website has no proof of the breach. However, the company is investigating the claim.
Filatov reassured users that their information was safe. He also claimed that 90% of users log into the service using Facebook or other social networks, which means Topface never actually has access to their password information.
What Can You Do With Stolen Email Addresses?
Stolen email addresses are considered a “tier-one breach”. Email addresses are described as “like the iron ore of the cybercrime industry”: they’re common and worth much less than precious information like credit card numbers or passwords.
Nevertheless, someone can still do a lot of damage with a list of email addresses.
Lists of email addresses sell quickly to hackers. These hackers use automated software to find other sites where people used the same login information.
Hackers could target bank accounts, health care records, and other sensitive data using the email addresses. They could attempt to impersonate the individual in many different ways.
The person who buys the list will also likely run through a list of the 100 most common passwords in the world. Out of 20 million email addresses, it’s likely that a few thousand will have used some of those most common passwords.
According to early statistics from the attack, 50% of the credentials came from Russia, while 40% came from the EU. A total of 20 million email addresses were stolen in the attack. The vast majority of those email addresses were for Hotmail accounts (7.5 million), with Yahoo (2.5 million) and Gmail (2.3 million) coming in second and third place.
In Hotmail, users who choose the “Forgot My Password” option are often taken to a list of secret questions setup by the user. Hackers can guess the answers to these questions to immediately gain access to the account.
Topface was launched in 2011 and is one of the largest European dating sites in the world.