back to article Vanity dating site BeautifulPeople popped

A December breach dismissed as minor at the time has turned ugly for dating-for-narcissists site BeautifulPeople. Security researcher and architect of HaveIBeenPwned, Troy Hunt, has told Forbes 'net scum are now offering data from a million BP users for sale. The site, which once, inexplicably and unforgivably, judged that El …

  1. a_yank_lurker Silver badge

    Security is hard

    While securing a MongoDB install is not the same as a relational install, it still has to be done properly. I suspect any database will be hacked by the its equivalent of SQL injection because of sloppy security.

    1. smartypants

      Re: Security is hard

      If your database doesn't use a SQL, then a SQL-injection type attack isn't possible.

      I can't speak for MongoDB, but the nosql database I use just has a simple API, and you can't subvert an API call for (say) adding a record into one which drops the database or returns all the records.

      That being said, this isn't much help if security is badly managed, so you are right that security is indeed hard.

      1. Adam 52 Silver badge

        Re: Security is hard

        In this case, and yesterday's, the security is actually really simple - don't put your backend database on the Internet.

        Yes it means your cut-and-paste from stackexchange web developers might have to do some basic architectural design but it's not hard.

  2. frank ly

    Confirmation is needed

    "BeautifulPeople told Forbes passwords and financial data were not at risk and claimed to have notified all affected users."

    We should wait for an El Rel commentard to confirm that they have received a notification email and tell us how reassuring it is (or not). We certainly won't get this from an El Reg staffer.

    1. Anonymous Coward
      Anonymous Coward

      Re: Confirmation is needed

      We should wait for an El Rel commentard to confirm that they have received a notification email and tell us how reassuring it is (or not). We certainly won't get this from an El Reg staffer.

      If you don't trust El Reg's people to do their job, what are you doing even visiting the site? You might as well go to Facebook for your news.

      1. Anonymous Coward
        Anonymous Coward

        Re: go to Facebook for your news.

        Research shows that substantial and increasing numbers of people are already doing exactly that.

        Given the state of the historic media (so-called 'newspapers') in the UK at least, maybe it's not such a big surprise.

        E.g.

        http://stakeholders.ofcom.org.uk/binaries/research/tv-research/news/2015/News_consumption_in_the_UK_2015_executive_summary.pdf

        (25 pages of 'executive summary'!)

    2. VinceH
      Coat

      Re: Confirmation is needed

      And what makes you think we readers are any better looking? We're IT geeks, after all.

      1. Updraft102

        Re: Confirmation is needed

        I thought Jen was pretty cute.

    3. frank ly
      Facepalm

      Re: Confirmation is needed

      Oh no, I forgot the joke icon.

      1. VinceH

        Re: Confirmation is needed

        Some of us automatically assume comments on El Reg are jokes until told otherwise.

        1. TheOtherHobbes

          Re: Confirmation is needed

          >Some of us automatically assume comments on El Reg are jokes until told otherwise.

          Some of us automatically assume that about sites that use MongoDB.

    4. Anonymous Coward
      Anonymous Coward

      Re: Confirmation is needed

      I haven't had notification, so not sure if I've been affected.

      That said, my details (username, email address, location, jobs) are already either out there (LinkedIn) or have been leaked that many times that if I was going to be pwned with just that info, it would've happened already.

      Anon, because I don't want you any budding detectives taking this as a challenge.

  3. Anonymous Coward
    Anonymous Coward

    Mongo

    Sad. :(

    1. g e

      Re: Mongo

      Candygram for Mr Mongo ??

      1. This post has been deleted by its author

      2. Bluto Nash

        Re: Mongo

        Mongo LIKE candy.

        Mongo only pawn ... in game of life.

  4. LewisRage
    Mushroom

    I'm the only HOT Reg reader?

    Dear BP Member,

    On December 25th 2015, all BP members were mailed regarding a specific vulnerability with one of our test servers that was holding some user’s data. We were initially informed of this breach by two security researchers. The server was immediately shut down. At this time we did not believe the data was accessed by anyone other than the two security researches.

    We were informed this morning, April 25th 2016, that the data on this server has been illegally distributed and could now be in the public domain.

    Please be assured this information did NOT include any credit card data, and user passwords were not accessible. The vulnerability was specific to a test server and not part of our production database.

    The privacy and security of our members data is of the utmost importance and all concerns we receive are dealt with immediately and comprehensively.

    Out of a general matter of caution we strongly suggest you take the following action as recommended in our last email to you in December of 2015: Please change your BeautifulPeople password.

    To do this; simply login to www.beautifulpeople.com and go to ‘Account’ -> ‘Settings’ -> ‘Login information’. From there you will be able to update your password.

    Should you have used the same password on any other website or device that holds private information, we suggest that you change these passwords too.

    Kind Regards,

    The Team at BeautifulPeople

    -------------------------------

    Don't seem to have the one from the 25th. This was in my spam folder though (and all the spam was in my inbox, brilliant) so my have been trimmed already.

    1. Brewster's Angle Grinder Silver badge

      Re: I'm the only HOT Reg reader?

      I was tempted to down vote you out of pure spite.

    2. Santa from Exeter
      Joke

      Re: I'm the only HOT Reg reader?

      No, but you *are* the only one narcissistic enough to join Beautiful People

    3. Fred Flintstone Gold badge

      Re: I'm the only HOT Reg reader?

      Being a member of member of BeautifulPeople shows that you have at least a sense of humour.

      :)

  5. Updraft102

    "'net scum are now offering data from a million BP users for sale."

    Which ones are the net scum again-- the hackers or the BP users? (Both?)

  6. Phukov Andigh Bronze badge

    anyone else but me surprised

    that there are actually at least a "million" users to even be hacked in the first place?

    I wonder how many are even real. Might be attached to real people but the profiles, mostly fictional.

    Stage names, professional handles, etc.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022