A site lookup shows that both 24and are hosted on and are registered in Russia.
is recognised as the largest online dating site in the world.
The hacktivist known as El Surveillance, whose operation is #Escorts Offline, is back with two more data dumps from dating sites.
The first target was 24luv.com, where El Surveillance claims he hacked and dumped 92,937 users’ email addresses and plain-text passwords.
I compromised this website about four months ago and I have been watching it for couple of months now I finally decided to warn all the users and anybody who’s thinking about join this service This dating website runs under a Russian black hat cyber criminals who aims to collect all your data As much as possible so they can target you or sell it in the underground market forms You’re data/personal information ain’t safe, So you are And you better start thinking about the long term damage this may/might cost you, Your family and friends There are plenty of profiles out here which are fake and even the reviews are editable and more Download Hacked accounts “Email & password” in plain-text Make sure you change all your passwords And make sure you warn anybody you know who uses/used this website I did my best & you should do the rest Stay safe mate The message was followed by an encouragement to users to follow Islam and the way of Allah.
The data dump includes 8,081 Gmail logins, 61,035 Yahoo logins, and 9,826 Hotmail logins.
Adobe were hacked and exposed 153 million user credentials, Mac Rumours lost the account details of 860,000 users and Cupid Media lost the plain text credentials of 42 million dating website users.
Having such a huge and purely online presence, the average person would be forgiven for thinking that security and privacy would be top of the agenda.
As far as bad trends go, loading a login form over and then using a POST request to https:// is pretty much up there with the worst.
Loading sensitive data like a secure link over opens up attack vectors for a malicious third party to rewrite the data in transit.
My previous blog about TLS and data integrity covers this concept in a lot more detail.
Here you can see the home page loaded over with the login and sign up forms.