Now their data is being sold online in 2016
MacKeeper Security Researcher Chris Vickery discovered the unsecured database in late 2015 and contacted BeautifulPeople.com to secure the user data. The bad part of this story is that the data was downloaded by cyber criminals sometime in the gap between when the database was left unsecured, when Vickery discovered it, and when BeautifulPeople.com was notified to secure it. Now those criminals are selling the data of 1.2 million users online.
The website BeautifulPeople.com claims to be an elite place where only “beautiful people” are welcome and “ugly people” are not. Users vote on who joins the site and who does not based on their looks. The voting ranges from “absolutely not beautiful” to “beautiful”, and the site promises “real connections with beautiful people in your area”. Since the leak, the private information of 1.2 million users has been for sale on the “Dark Web”. This data includes users’ addresses, emails, height, employment, education, income and locations visited. 15 million private communications between users are also included in the leak.
To be completely clear here, there actually was no "hack" or “breach” as some might think. BeautifulPeople.com had an open MongoDB database that was configured for public access (no password) back in December of 2015.
The data does not contain any credit card or billing information, and passwords appeared to be encrypted. The private messages between users could be used for extortion, just as we saw with the Ashley Madison leak, which sparked online hate crimes and online scams and may be related to two unconfirmed reports of suicide. It was also reported that the database included 170 profiles from United States government employees who actually used a .gov email address for their account.
No password or authentication was used to protect the database, and the fallout continues as the data is sold to more and more illicit groups who will try to exploit the account information.
BeautifulPeople.com did take steps to close the vulnerability and to notify their users of the breach. BeautifulPeople.com claimed the compromised data came from a test server, but why would so much data be kept on a test server? This is yet another wake-up call for companies and private individuals to be vigilant with data protection practices and regular security audits.
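The misconfiguration described above (a MongoDB instance reachable from the public internet with no authentication) can be caught by a configuration audit before a server goes live. The following is an added example, not code from the original article or from BeautifulPeople.com: it checks a YAML-format `mongod.conf` for those two conditions. The sample configs are constructed, and the check assumes only the explicit `net.bindIp`, `net.bindIpAll` and `security.authorization` settings are used.

```python
import ipaddress

# Constructed sample configs (not from the article), in mongod.conf YAML layout.
OPEN_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus one private interface
security:
  authorization: enabled
"""

def parse_flat(text):
    """Flatten the two-level 'section: / key: value' layout to {'section.key': value}."""
    out, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments and trailing space
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not line.startswith((" ", "\t")):      # unindented line opens a section
            section = key
        elif section:
            out[f"{section}.{key}"] = value.strip()
    return out

def is_public(addr):
    """True if addr is a wildcard or globally routable IP (hostnames are not judged)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_unspecified or ip.is_global

def audit(text):
    """Return findings for the two conditions behind this kind of exposure."""
    cfg, findings = parse_flat(text), []
    # security.authorization defaults to "disabled" when it is not set.
    if cfg.get("security.authorization", "disabled").lower() != "enabled":
        findings.append("auth-disabled")
    binds = [a.strip() for a in cfg.get("net.bindIp", "").split(",") if a.strip()]
    if cfg.get("net.bindIpAll", "false").lower() == "true" or any(map(is_public, binds)):
        findings.append("public-bind")
    return findings
```

Either finding alone is worth fixing; the two together are the "open database" condition, and a firewall rule restricting the MongoDB port should back up the config in any case.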
Attention - Portions of this article may be used for publication if properly referenced and credit is given to MacKeeper Security Researcher: Chris Vickery.