Cyber Incident Victim: ElSurveillance

The ElSurveillance incident involved unauthorized access to multiple online dating platforms, primarily targeting Muslim-focused services in July 2016. On July 10, attackers breached Shadi.com, a Muslim dating portal, compromising 2,035,020 user records containing email addresses and passwords stored in cleartext. LeakedSource obtained and verified this dataset, marking the second major breach of a Muslim dating site within two weeks. Earlier in July, security researcher Troy Hunt reported MuslimMatch.com had been compromised, exposing 150,000 user accounts alongside 790,000 private messages. Unlike Shadi.com, MuslimMatch.com had implemented MD5 hashing for password storage, though this weaker cryptographic method still posed significant risks. These incidents followed a separate June 2016 breach by a Moroccan hacker targeting AfrikaDating.com (12,738 records) and AdultSingleSites.com.au (67,118 records), though this activity appeared unrelated to the July attacks against Muslim platforms.

The breaches exposed sensitive personal information across multiple jurisdictions, with Shadi.com's cleartext password storage substantially increasing risks of credential reuse attacks. LeakedSource and Have I Been Pwned? served as primary verification channels for affected users, though neither platform provided details about intrusion methods or perpetrator identities. The publication of private messages from MuslimMatch.com created additional privacy concerns beyond credential exposure. No containment measures or official responses from the affected companies were documented in available sources. The cumulative impact spanned over 2.2 million directly affected users across the two Muslim dating platforms, with secondary risks extending to any services where victims reused compromised credentials. The incidents highlighted security vulnerabilities in niche dating platforms handling culturally sensitive data.