Dating site Muslim Match has been breached and 150,000 log-ins posted online alongside hundreds of thousands of private messages between users, according to reports.
Motherboard confirmed that the email addresses it checked from the full dataset, made available by TheCthulhu are genuine and linked to real accounts on the site.
Profile information apparently also includes marital status and whether the individual would consider polygamy. The cache contains 790,000 private messages sent between users of the site – some of which contain even more private info including Skype handles, the report claimed.
“I feel disappointed but the site didn't seem to be secure in the first place. They never used https,” one user called Zaheer told Motherboard.
Brian Spector, CEO of authentication firm Miracl, said dating sites have long been a target for hackers, with the likes of Ashley Madison, Plenty of Fish and Match.com all falling victim in the past.
“What’s worrying is that Muslim Match doesn’t seem to have been encrypted, which would be the most effective way to keep information free from the prying eyes of hackers,” he added. “And with data such as personal messages being available to the attackers, we could see a similar scenario to that of Ashley Madison, where users who sent sensitive messages are blackmailed.”
AlienVault security advocate, Javvad Malik, explained that smaller sites often have fewer resources to devote to security.
“However, no online company is ‘too small’ or unimportant to be targeted by attackers, especially when user data is involved,” he added.
Malik also claimed the religious and cultural taboos at play in this instance could make blackmail a very real possibility.
“Where possible, people should consider information on websites to be publicly available,” he argued. “Therefore, they should consider what photos and information they post and share and the potential impact if the content is shared broadly.”