Topface data breach – 20 Million records exposed

Topface, the Russian-based dating site, has been hacked, User names and e-mail addresses of 20 million visitors are offered for sale online.

Nearly 20 Million User names and e-mail addresses of visitors to the Russian-based dating website Topface have been available for sale online, the news first reported by Bloomberg. According to Daniel Ingevaldson, chief technology officer of fraud-detection software-maker Easy Solutions Inc, Topface website has been hacked and attackers have stolen username and passwords of its users to offer them online.

Fifty percent of the Topface credentials belong to Russian users, meanwhile 40 percent is related to European visitors.

“These aren’t credit cards, but this is a tier-one breach,” said Ingevaldson. “These credentials are like the iron ore of the cybercrime industry.”

The company didn’t respond to a request for comment neither has provided details on the incident. Ingevaldson clarified that is no longer clear that users’ passwords were also stolen, as he originally reported to Bloomberg.

Data breach are always dangerous for unaware users that share same credentials across various web services, users’ credentials are precious commodities in the underground market, criminal organizations use to acquire/use them for different kind of online frauds, including banking account takeover. Cyber criminals use a wide range of automated tools to search sites where victims used the same information they did to access the dating site.

Ingevaldson discovered the data breach by noticing a posting by the allegedly responsible for the data theft, which used the alias ‘Mastermind,’ on an online forum used by criminals for sale illegal products. The collection of stolen data includes email addresses related to nearly 345,000 different domain names.

“Seven million of the people that logged in to the St. Petersburg-based dating site used Hotmail.com, 2.5 million used Yahoo.com, and 2.3 million used Gmail.com.” reported Blooberg

Unfortunately cases like this are not isolated, investigators are waiting for a domino effect in the coming weeks that may result in the impairment of several accout used by victims online.

Stay Tuned …

January 26 – UPDATE

Topface published the statement below :

Concerning the information that 20 mln user names and emails of Topface users were hacked we would like to state the following:

1. At the moment we do not have any proven information that any data was stolen from Topface. We have a sophisticated security system and will investigate whether we were hacked or not.

2. Almost all our users use Facebook and other social networks authorisation to access Topface and we have no access to their passwords or any secure data. We also never keep any payment information or other secure information about our users. All the data that we have is e-mail address which can not be used alone to access any secure data. That is why we a pretty sure that our users will not have any problems even if any data wass stolen from our service.

Pierluigi Paganini

(Security Affairs – Topface, data breach)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.