The sensitive personal information of a lot of individuals was seen auctioned for sale on the dark web forum. The leaked individual data came from two gay hookup sites believed to be hacked by Blackhats. The stolen data contain enough personally identifiable information to engage in identity theft, such as usernames and passwords, email addresses, profile pictures, sexual preferences, birth dates, postal addresses, IP addresses, and bios.
According to TechCrunch, the individuals’ passwords were encrypted with a weak algorithm in the compromised sites and could be broken by a more persistent hacker. More than 80,000 people have been affected by this incident, and security experts warn that the hackers could use those passwords to compromise other online platforms and banking details of the hack victims, possibly because most people use the same password across multiple platforms.
HaveIBeenPwned founder Troy Hunt described the incident as a “typical forum breach, albeit with super sensitive content”. The report reveals that messages users exchanged, including arranged meetings and sexual preference descriptions, were seen on the dark web heightening the possibility of identity theft.
The two gay hookup sites - CityJerks and TruckerSucker, share almost the same interface and information, making it look like they are being managed by the same company, hence the successful hacking of both sites.
Security experts advise those affected to change their passwords across multiple sites they are registered in, including their financial institution. They should also strengthen their security both online and offline and avoid blind dates as they could lead to kidnapping.