14 DAY TRIAL // Online dating website PlentyOfFish has reset user passwords after hackers managed to extract people's registration information by exploiting vulnerabilities in the platform.
According to independent security journalist Brian Krebs, the compromise was first reported by an Argentinian hacker named Chris "Ch" Russó who demonstrated a proof-a-concept to him.
Russó has previously hacked into ThePirateBay.org and exposed vulnerabilities into the website. He views himself as a security researcher.
The hacker claims that he is not the only one to have obtained unauthorized access to the PlentyOfFish database and that the site's database is being circulated in the hacking community.
In a lengthy post on the company's blog, PlentyOfFish founder Markus Frind tells a different story, one where Russó tried to force his company into signing a contract for security services with him.
Frind described Russó's actions as harassment against his company, himself and especially his wife, whom the hacker called over the phone on several occasions.
"Plentyoffish was hacked last week and we believe emails usernames and passwords were downloaded," Frind wrote in his original post.
"We have reset all users passwords and closed the security hole that allowed them to enter," he stressed.
The dating site, which is very popular in Canada, UK and the United States, has over 145 million visitors a month and over 10 million registered users.
In a later statement, the company noted that only 345 accounts had their password exposed, which would make it a relatively limited breach.
It's therefore not entirely clear if passwords were reset for the entire user base or only for those that have been confirmed as compromised.
If all users had their passwords reset, it might be the result of the introduction of a hashing algorithm, as this attack revealed that PlentyOfFish access codes were being stored in plain text, which is a major security oversight.