150,000 users’ credentials and passwords on the dating site “Muslim Match” were hacked and 700,000 private messages between users were posted online.
Muslim Match site is a free site where people could join from around the world and connect with others in order to share experiences, ideas, personal thoughts and information with the aim to find a perfect and suitable match for themselves.
Leaked data included personal and sensitive information such as religion status, social status, is the person working or not, email address, Skype names and over 700, 000 personal messages exchanged between the Muslim Match users.
Motherboard found a way to speak with some of the affected users where they clearly stated disappointment with the site:
"I feel disappointed but the site didn't seem to be secure in the first place. They never used https."
The location of the affected users is various, since they are based all around the world, including even US and UK.
Motherboard assumes that the attackers probably used SQL-injection to hack the website and get all the data.
It is not the first and not the last match-making-site that is hacked. It is just one in a row. Previously we had victims from BeautifulPeople.com and eHarmony, among others.
What can we learn from this?
Here we have a scenario where a website didn’t take seriously their users privacy since there was a lack of HTTPS. It is the responsibility of each site, of each organization to secure their pages since theirs end users engage with them daily and share all their private data. On the other hand users should always check beforehand the website they plan to engage with and see their security level so these kind of situation never happen to them.