A database breach of the controversial BeautifulPeople.com dating website, which was initially thought to contain only test data from a non-production MongoDB server, has been exposed to contain actual customer information. Identifying information about 1.1M customers has been leaked and has begun to be sold around the Internet; attributes including height, weight, sexual preference, phone numbers, email addresses, and as much as 100 other qualities and interests.
BeautifulPeople.com, which claims to be “the largest network of attractive people in the world,” stored all of this information on a MongoDB database that was left open to anyone who knew the right web address. The website’s statement to Forbes claims that the server was shut down as soon as they were notified of the breach and that the breach only affected data provided by customers before mid-July 2015.
References: BeautifulPeople.com Leaks Very Private Data of 1.1 Million 'Elite' Daters | Ugly hack at dating site for 'beautiful' people | ‘Elite’ Dating Site BeautifulPeople.com Leaks Details Of 1.1m Users
The ‘GozNym’ Trojan, discussed in last week’s Threat Report, has spread from North America and is now attacking banking customers in Europe. Researchers at IBM’s X-Force team, which observed this new Trojan only a few short weeks ago attacking banks in the United States and Canada, has now spotted it doing the same in Poland and Portugal. To date, ‘GozNym’ has affected 17 banks in Poland and one major bank in Portugal, as well as customers of Polish webmail service providers.
The Trojan is highly complex and uses a two-phase redirection scheme that fools customers and researchers to notice it. The authors behind this malware have devoted a large amount of time to mimicking websites of popular banking websites and have even embedded SSL certificates in the domain. Researchers say there are few malicious groups in the world with the capabilities to perform this type of attack, mainly the Nymaim gang standing out as a likely culprit.
*IP addresses provided by Recorded Future.
Want to learn about Alert Logic products in more detail? Call us direct at +1.877.484.8383, for the UK call +44 (0) 203 011 5533, or complete this form. An Alert Logic representative will contact you soon.