14 DAY TRIAL // Details for 27 million Mate1.com users were sold via the infamous Hell hacking forum, as a reporter for Vice Motherboard has discovered.
Mate1.com is an online dating website, very similar to its more famous counterparts Ashley Madison and Adult Friend Finder, both hacked in 2015.
Mate1 data dump included cleartext passwords
According to a recent news report, a hacker posted an ad on the Hell underground hacking forum, saying that he was in possession of 27 million Mate1.com accounts, which he was willing to sell for 20 Bitcoins (~ $8,400 / €7,700).
Soon after the ad went up, at least one person bought the data, which the hacker said contained only email addresses and Mate1 passwords in cleartext.
The hacker explained in his ad that he broke into Mate1's MySQL server, from where he dumped all the user data. He says that, initially, he discovered details for around 40 million users, but after removing duplicates and bots, the number went down to 27 million. On its website, Mate1 claims to have 31.5 million registered users.
Password reuse exposes users to having other accounts taken over
Compared to the Ashley Madison leak, this hack is less impactful because it includes only email addresses and not full account details. This allows users to keep their anonymity if they chose to use a dummy email account.
If users didn't employ a dummy account and also used the same password for other accounts, then they should change their passwords immediately. It is common practice for hackers to buy email-password combos on the Dark Web and then try them on other services to see if they fit somewhere else.
Last year, after hackers dumped the personal details of 3.9 million Adult Friend Finder users, the Hell hacking forum was forced to temporarily close down. The forum only recently resurfaced amidst allegations of being a law enforcement honeypot.