The security hole has been fixed, Markus says, and all the passwords have been reset. However, Plentyoffish still hasn’t made an official statement about the incident, and we advise users to access the site with caution.

The above is the most important bit of info for Plentyoffish users, but the actual story of the hack and how it occurred is very confusing and differs highly depending on who you believe. According to Markus Frind, who described the hack and the events that followed in detail on his personal blog, Plentyoffish was hacked by Argentinian hacker Chris Russo, who did it under his own name, without taking precaution to hide his identity.

Frind then claims that Russo tried to extort money from him, to which he responded by threatening to sue. The entire blog post is interesting mostly due to its weirdness, as it involves a shady business partner, Frind e-mailing Russo’s mother, and hints about Russo’s other hack-and-extort operations.

The story gets even more convoluted as Chris Russo’s side of the story is revealed in a blog post on Grumo Media. Russo claims he’s merely a security researcher, who had discovered a security hole on Plentyoffish, which was already “under active exploitation by hackers.”

Russo and his team disclosed the vulnerability to Frind’s wife, he claims, and Frind and her were “interested in hiring us as security professionals in order to make an analysis of the plataforms.” However, the relationship quickly deteriorated, with Frind accusing Russo that he stole Plentyoffish’s database, threatening not only to sue him, but also to “destroy” his life.

At this point it’s hard to understand what really happened; but the part of the story everyone seems to agree on is that a very popular dating site has been hacked and that users’ passwords and other personal details (possibly even PayPal accounts) were compromised. Hopefully, the security breach on Plentyoffish has really been fixed, but users who used the same username/e-mail/password combinations elsewhere should immediately change the passwords on other sites as well.

Leave a reply