Joseph Cox at Motherboard reports:
Specialty dating site “Muslim Match” has been hacked. Nearly 150,000 user credentials and profiles have been posted online, as well as over half a million private messages between users.
Launched in 2000, Muslim Match is a free-to-use site for people looking for companionship or marriage. “Single, Divorced, Widowed, Married Muslims :: Coming together to share ideas, thoughts and find a suitable marriage partner,” the site’s Facebook profile reads.
One file also contains around 790,000 private messages sent between users, which deal with everything from religious discussion and small talk to marriage proposals.
Using information within the dataset, Motherboard was able to link private messages with specific users. By cross-referencing the different files, it was possible to find out the username of the person who sent the message, as well as their logged IP address and poorly-hashed, MD5 password. Some of the messages also include extra information, such as Skype handles, which users have exchanged.
By all accounts, Muslim Match dropped the ball when it came to properly securing its systems and its users’ data.
It’s easy to imagine how this information could be abused if it fell into the wrong hands… :(
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.