Hackers exploit hookup websites to steal emails and private messages

Posted on April 29, 2023 at 4:25 AM

Hackers exploit hookup websites to steal emails and private messages

A data breach expert has revealed that hackers have stolen email addresses, direct messages, and personal data from users on two dating websites. This hacking exploit was revealed by the founder of Have I Been Pwned, Troy Hunt.

Hackers steal email addresses and messages from hookup websites

Troy Hunt was alerted of this exploit earlier this week. Besides being the founder of, Have I Been Pwned, Hunt also maintains data on the breach alerting website. Hunt noted that he was alerted of hackers stealing data from two dating websites; CityJerks and TruckerSucker.

While speaking to TechCrunch, Hunt said he analyzed the allegedly stolen data from the dating websites. He found that the data contained email addresses, usernames, profile pictures, passwords, sexual orientation, users’ date of birth, IP addresses, city and state, and biographies.

The stolen passwords are currently encrypted, but they have been scrambled with a weak algorithm that can easily be broken and enable the hackers to see the actual passwords. According to Hunt, this exploit was “really just a typical breach, albeit with super sensitive content.”

Part of the sensitive content the hackers accessed includes the message sent and received by users on the hookup sites. Some of these messages included the locations where some users would be on a particular date. It also shows the sexual preferences of the users and the messages used to illustrate the same.

According to Hunt, the alert about this breach was advertised on a hacking forum. The data published on this forum proves that the exploited hookup websites were indeed CityJerks and TruckerSucker. If this data is purchased, it could be used by threat actors to conduct a wide range of malicious activities, such as phishing campaigns.

The seller advertised the stolen data from TruckerSucker in a post claiming that the database contains the information of 8000 users using the platform. The advertisement for the CityJerks data has the seller claiming that they have a database with data belonging to 77,000 users.

Have I Been Pwned issues alerts on the largest data breaches

Hunt launched the Have I Been Pwned platform in 2013. At the time, the site was geared towards helping people share their experience with data breaches and whether they have fallen victim to any exploits.  

Since its launch, Have I Been Pwned has become one of the most active sites in the cybersecurity space. The data-breach notification service processes thousands of daily requests from users checking to see whether their data has been compromised or is being traded on hacking forums.

This platform has grown significantly over the years and now sits below the 10 billion mark for breaches in the industry. Hunt note that it is very likely that most people on the internet have fallen victim to a data breach. “For those of us that have been on the internet for a while it’s almost a certainty,” Hunt believes.

Have I Been Pwned is a pet project by Hunt, but it has rapidly evolved over the years and gained popularity. People initially used the platform to learn the basic aspects of Microsoft Cloud, but its simplicity to use has seen it become a widely used platform in cybersecurity. The popularity is largely driven by the curiosity of individuals looking to see the sites that have fallen victim to exploits.

Over the years, the Have I Been Pwned service grew significantly, and it now plays a proactive security function where it allows browsers and password managers to have a backchannel to Have I Been Pwned that can be used to issue warnings on the previously breached passwords on the database.

The success of Have I Been Pwned can be attributed to Hunt, who has served as its founder and the only employee. Despite the size and the limited resources on this site, it does turn in a profit.

The workload needed to support the normal operations of Have I Been Pwned has increased significantly over the years, and according to Hunt, the strain of running this platform without external help has started to take its toll. Hunt had earlier attempted to sell the platform after a tough year but is back to running the site. The platform is rapidly growing, and there are no signs that this growth will slow down.

Summary
Hackers exploit hookup websites to steal emails and private messages
Article Name
Hackers exploit hookup websites to steal emails and private messages
Description
Hackers have stolen email addresses and direct messages from two dating websites. The exploit was revealed by the founder of Have I Been Pwned. The data has been advertised on a hacker forum.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Newsletter

Get the latest stories straight
into your inbox!

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading