Slashdot Mirror


PlentyofFish Hacked, Founder Emails Hacker's Mom

hellkyng writes "The online dating site PlentyofFish was hacked, and purportedly 30 million customer records were stolen. The site's founder, Markus Frind, is blaming the security researcher who discovered the vulnerability and the journalist who confirmed the issue." The researcher who reported the vulnerability is Chris Russo, one of the guys who hacked The Pirate Bay last year. He explained his side of the story as well. Mr. Frind says he tracked down Russo's Facebook page and emailed his mom.

25 of 367 comments

  1. should not affect slashdot crowd by Anonymous Coward · · Score: 5, Insightful

    should not affect slashdot crowd since they do not date.

    1. Re:should not affect slashdot crowd by Lord+Ender · · Score: 5, Funny

      On the contrary, I recently experimented with online dating myself. In my experience, the site should actually be called "plenty of whales" though...

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    2. Re:should not affect slashdot crowd by Nadaka · · Score: 3, Interesting

      You must have seen my little sister's profile; she will kill me if she knows I was joking about her.

      She keeps telling me about how I can meet a nice girl there after breaking up with my whore ex.

      Right after she tells me about all the dirty old men, halfwits and creeps she has to filter through.

    3. Re:should not affect slashdot crowd by EMR · · Score: 3, Funny

      When I first saw the site, I thought it was Plenty Offish :-D

    4. Re:should not affect slashdot crowd by Anonymous Coward · · Score: 4, Insightful

      My wife and I met via online personals. She was telling me that about 95% of the emails she got were from men with user IDs along the lines of "Bigpenis69" and "Bigstud72" and the like. That's the reason why she even talked to me, because I didn't have a name that was in any way reflecting my supposed virility. I have no trouble believing that most of your sister's replies come from old, creepy dudes.

      Also, regarding the "plenty of whales" comment above... it amuses me to no end that many lonely geeks and nerds will judge less attractive women to be not worth asking out, only to turn around and moan and whine when attractive women use the same methods to exclude them from consideration.
      Q: "Why don't pretty women like me?"
      A: Because they're just as shallow as you are and judge as much by appearance as you do.

    5. Re:should not affect slashdot crowd by sumdumass · · Score: 3, Funny

      I tried online dating once. Let me tell you something, the online part is just to lure you into it. They expect to see you in real life.

      God I miss the good ole days when cyber actually meant phone sex over the interweb.

  2. makes sense by Charliemopps · · Score: 4, Insightful

    The "hacker" found a weakness in the website's security and exploited it. Then the website found a weakness in the hacker's security and did the same in turn. You'd think the hacker in question would be a little more secure about their own personal information.

    1. Re:makes sense by SIR_Taco · · Score: 5, Funny

      What's worse, after his Mom reads the e-mail, she'll probably kick him out of the basement!

      --
      I say don't drink and drive, you might spill your drink. Before you get behind the wheel just stop and think.
    2. Re:makes sense by pawntokingspawn · · Score: 5, Funny

      and cancel his Warcraft subscription

    3. Re:makes sense by Toze · · Score: 3, Informative

      Specifically, there's a link in the article to Markus Frind's blog, in which he claims in the same paragraph that "This was an incredibly well planned and sophisticated attack" and that "It took Chris Russo 2 days to break in; he didn't even try to hide behind a proxy, signed up under his real name and executed the attacks while logged in as himself." Fortunately, Frind then "closed the breach if indeed there was one."

      Now, it's entirely possible, since both of them obviously want to sound as cool as possible, that Chris Russo was hoping to land a security gig with POF, and said some things to suggest urgency and encourage Frind to hire him. But, frankly, Frind, on his own blog, sounds like a disjointed paranoid, talking about how damn clever he is for foiling this wily hacker. Who discovered the plaintext password storage the site uses. If they're both wankers, I'd still give credit to Russo rather than Frind. I use POF myself (with the requisite sense of shame), and the site's asking for password resets because "an Argentinian hacker accessed the site." Oh, and here's the brilliant method of getting new passwords: first you enter your email (which an exploiter would already know), then you enter your current password (which the exploiter would know), and your new password. So I guess all the users are pretty much safe! :D

      --
      No OS on the planet can protect itself from a user with the admin password. - Yvan256
  3. Password in plaintext email by RobertB-DC · · Score: 5, Interesting

    I was on the site for a while. It was always slightly clunky, but I'd prefer a free, one-man labor of love to a buy-in site that basically tries to promise sex for money. It was particularly helpful in helping me discover that I wasn't as bad as most of the creeps out there... and conversely, creepiness doesn't belong exclusively to those of the male persuasion. That was good to know -- it helped me realize that I need to be picky. (And my pickiness was rewarded many times over when I found my fiancee. In my Sunday School class).

    But on the tech side, it irritated the living crap outta me that POF would send me a weekly e-mail with my password IN PLAIN TEXT. Every week, just as a reminder of how easy it would be to log in. Yeah, easy for *anyone* to log in as me and, if I were foolish enough to put important information on POF, to mess with my life. And, of course, if I were foolish enough to use that password for my bank account... well, I think anyone on this site knows the rest.

    So I'm not at all surprised that someone found a way to hack POF. Sending a password in plaintext is bad, but not uncommon. Heck, T-Mobile does it. But sending it every week, unsolicited? I'm sorry to be rude, but that's just stupid.

    --
    Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
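Two complaints in this thread (Toze's above, about plaintext password storage and a reset form that asks for the current password, and RobertB-DC's, about the weekly email containing the password) have the same root cause: the site holds passwords in a form it can read back. The following is an added example, not PlentyofFish's code nor anything from the thread, showing the shape of a store that cannot mail a password back (it keeps only a salted scrypt hash) together with a reset flow driven by a short-lived, single-use token instead of the current password. The user table, the injectable clock, the scrypt cost parameters and the 15-minute token lifetime are all assumptions made for the demo.

```python
# Added example for this thread, not PlentyofFish's code. Demonstrates:
#  - storing only salt || scrypt(password): nothing to put in a reminder email
#  - a reset flow that needs a fresh out-of-band token, not the old password
# The user table, clock, scrypt parameters and TTL are constructed for the demo.
import hashlib
import hmac
import os
import secrets
import time

SALT_LEN = 16
# scrypt cost parameters; assumption: tuned for an interactive login (16 MiB)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
RESET_TTL_SECONDS = 15 * 60  # assumption: reset links die after 15 minutes


def hash_password(password: str) -> bytes:
    """Return salt || scrypt(password, salt). The plaintext is never kept,
    so the site is physically unable to email it back every week."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.scrypt(password.encode(), salt=salt,
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(candidate, digest)


class UserStore:
    """In-memory stand-in for the user table. `now` is injectable so the
    expiry check can be exercised without sleeping."""

    def __init__(self, now=time.time):
        self._now = now
        self._users = {}    # email -> salt || hash
        self._resets = {}   # sha256(token) -> (email, expires_at)

    def register(self, email: str, password: str) -> None:
        self._users[email] = hash_password(password)

    def login(self, email: str, password: str) -> bool:
        stored = self._users.get(email)
        return stored is not None and verify_password(password, stored)

    def request_reset(self, email: str):
        """Issue a single-use, short-lived token to be sent by email. Only its
        hash is stored, so a dump of this table cannot be replayed. The HTTP
        response to the requester must look identical whether or not the
        address exists, or the endpoint becomes an account-enumeration oracle."""
        if email not in self._users:
            return None
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).digest()
        self._resets[key] = (email, self._now() + RESET_TTL_SECONDS)
        return token

    def complete_reset(self, token: str, new_password: str) -> bool:
        """Consume the token (deleted even when expired) and set a new password.
        The current password is deliberately not required: whoever already
        holds it gains nothing from a form that asks for it, and a user who
        lost it could never recover through such a form."""
        key = hashlib.sha256(token.encode()).digest()
        entry = self._resets.pop(key, None)
        if entry is None:
            return False
        email, expires_at = entry
        if self._now() > expires_at:
            return False
        self._users[email] = hash_password(new_password)
        return True


def demo() -> dict:
    """Register -> login -> reset -> replay -> expiry, with a fake clock."""
    clock = [1_000_000.0]
    store = UserStore(now=lambda: clock[0])
    store.register("alice@example.com", "correct horse")
    result = {"login_ok": store.login("alice@example.com", "correct horse"),
              "login_bad": not store.login("alice@example.com", "wrong")}
    token = store.request_reset("alice@example.com")
    result["reset_ok"] = store.complete_reset(token, "battery staple")
    result["replay_rejected"] = not store.complete_reset(token, "again")
    result["old_password_dead"] = not store.login("alice@example.com", "correct horse")
    result["new_password_ok"] = store.login("alice@example.com", "battery staple")
    stale = store.request_reset("alice@example.com")
    clock[0] += RESET_TTL_SECONDS + 1
    result["expired_rejected"] = not store.complete_reset(stale, "late")
    return result


if __name__ == "__main__":
    print(demo())
```

The two properties the thread complains about fall out directly: `hash_password` discards the plaintext, so a "here is your password" email is impossible to generate, and `complete_reset` accepts a token the attacker never saw rather than the password the attacker already has. The token table stores only a hash, which matters once you assume the database itself may be dumped, as it reportedly was here.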
    1. Re:Password in plaintext email by Anonymous Coward · · Score: 5, Funny

      And my pickiness was rewarded many times over when I found my fiancee. In my Sunday School class.

      Please confirm that you weren't the teacher, and she's not a student in this class...

    2. Re:Password in plaintext email by Anonymous Coward · · Score: 3, Interesting

      I used POF, and found its interface to be absolute shit. I still get emails from them on a bi-weekly basis, with password still in plaintext (after noticing this the very first time I immediately changed it to something more appropriate to something emailed in plaintext). The guy who runs it makes like $1mil+ a month in ad revenue, so I don't really feel bad about his baby getting hacked when he has the money to hire someone with half a brain.

    3. Re:Password in plaintext email by religious+freak · · Score: 3, Funny

      Agreed. I've used it. And honestly I think online dating is the most efficient way to find someone you're compatible with. You have a list of people answering questions you wouldn't dare to ask them before you see them naked a few times (e.g. what religion are you, do you want to get married and/or just have fun) and you've got a whole list of them. Select your criteria, weed out the fatties and the uglies and email the rest. A couple of them respond, talk to them go on dates with a few and 'viola' - instant girlfriend and/or friend with benefits. It's beautiful. And like you said, most of the competition is just deadbeat dudes. Pretty easy to beat.

      But as you also said, it's one dude's project and the interface... well, it kind of shows it. I'm not surprised they're hacked. But honestly, these dating services are generally public anyway, so if these sites are not hacked, they're definitely farmed. The way I look at it... fuck it. I'm looking for titties!

      --
      If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
    4. Re:Password in plaintext email by Whalou · · Score: 5, Funny

      [...]I'd prefer a free, one-man labor of love[...]

      So you don't date? :-P

      --
      English is not this .sig mother tongue...
    5. Re:Password in plaintext email by danbert8 · · Score: 3, Funny

      You know, I've heard this repeated so many times, but I can't even get a response from girls on dating websites despite not only having a job, but a well paying job. Yes, I'm a nerd, but still. You'd think I could at least get a response... I'm going to go cry into a wad of cash now.

      --
      Yes it's an anecdote! Were you expecting original research in a Slashdot comment?
    6. Re:Password in plaintext email by cayenne8 · · Score: 3, Interesting

      "You know, I've heard this repeated so many times, but I can't even get a response from girls on dating websites despite not only having a job, but a well paying job. "

      Hmm....just how many girls on the websites are you approaching? You know, it is really a HUGE numbers game on the internet, maybe even more so than in real life meatspace.

      Are you trying to contact 100's or more of women a week?

      Make yourself out a basic 'template' of an email to use...with some spaces in there to maybe personalize your message a little bit...maybe to mention one specific thing you read about her (if you bother reading them, and don't go straight from looks). Anyway, use this basic 'canned' email and send it out over and over and over and over and...well, you get the idea. Heck, even send it to chicks you might not even be interested in, just to gauge response. If it doesn't work...tweak it a little.

      I actually heard some guys did the reverse engineering thing...they created a fictitious account as a chick, with good looking pics and all...just for the sole objective...of seeing what other guys were posting on their profiles, and the types of emails they were sending. Some guys doing this even would have girls that were just friends read what the guys were sending, just to see what they thought they as women would respond to.

      The researchers used all this to tune their emails to women, and started getting a lot more response (of course, they STILL sent out 100's and 1000s of emails to women, but they were better quality emails).

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  4. Your mom... by meerling · · Score: 4, Funny

    So an immature but technically competent jerk cracked your computers and is now trying to get your company's lunch money, metaphorically. Your response is, among other things, to tell his mom.
    O_o
    You know, that sounds about right.

  5. Hyphens by Barefoot+Monkey · · Score: 3, Funny

    I realise that this is somewhat off-topic, but it can't be a good idea to have a dating site with a domain name that reads as "plenty offish". When will people learn to use hyphens in domain names?

    1. Re:Hyphens by arth1 · · Score: 5, Insightful

      Ask the good people at penisland, expertsexchange and powergenitalia that :)

  6. Markus' Email to Chris Russo by Japong · · Score: 4, Interesting

    Quoted from Russo's response:

    If this data goes public I am going to email every single affected user on Plentyoffish your phone number, email address and picture. And tell them you hacked into their accounts.

    Then I'm going to sue you in Canada, US and UK and Argentina. I am going to completely destroy your life, no one is ever going to hire you for anything again, this isn't piratebay and we definitely aren't fooling around.

    Markus.

  7. That *was* the traditional penalty by billstewart · · Score: 5, Interesting

    Back when Cheswick and Bellovin were doing the original Bell Labs firewalls, and caught a Dutch teenager trying to hack into their site, the Netherlands didn't have any computer security laws that made it illegal. "So we called his mom...."

    --
    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  8. Re:Not surprised by Joe+U · · Score: 4, Insightful

    Who uses MSSQL?!?

    The same groups that use Oracle and Sybase. People who care about database performance and support.

  9. Bad Title by Galestar · · Score: 3, Insightful

    He didn't email the hacker's mother, he emailed the security researcher's mother. Some unknown party hacked his website, and he blames the security researcher that was going out of his way to assist them in closing the vulnerability. After reading the researcher's take on this, the POF CEO could possibly be facing criminal charges for uttering death threats, harassment and perhaps a civil libel suit.

    --
    AccountKiller
  10. Typical CEO by Stiletto · · Score: 4, Interesting

    Reading both accounts of the story (one from the CEO, the other from the security expert), it seems to be a case of "who do you believe". All we truly know is that the site was hacked, these guys were involved somehow, and now they're mad at each other. Everything else is just based on what one side or the other says.

    That said, looking through the blog postings of the CEO, he strikes me as having the classic case of paranoid narcissist personality disorder. Every other posting is a rant about how his competitors are all out to get him. Everything they do is about HIM and a response to HIS business. When eHarmony does something, it's not just an innocent business expansion, it's a direct personal attack on this guy. I've worked with presidents and CEOs who use similar wording to this CEO in their daily speech, and whose nuances and mannerisms seem to match this guy's perfectly. Although my examples are only anecdotal, I'd be willing to bet this disorder is quite common among business leaders.

    Not knowing more about the situation and only having their two accounts to go with, I would probably fall on the side of believing the security expert's account more, just looking at the level of paranoia and exaggeration in the CEO's blogging history.