Cyber Incident Victim: PinkDate.co.uk
Date:
Jul 2016
Location:
Morocco
Summary
The PinkDate.co.uk cyber incident was part of a wider hacktivism campaign by a Moroccan hacker, ElSurveillance, targeting escort websites. ElSurveillance breached multiple dating websites, including Shadi.com, MuslimMatch.com, AfrikaDating.com, and AdultSingleSites.com.au, leaking user records with plaintext passwords. The PinkDate.co.uk website was also compromised, with backend panel access gained, indicating a potential risk to sensitive user data. The incident highlights the vulnerability of online dating platforms and the potential for data exposure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In July 2016, two Muslim-focused dating platforms suffered data breaches within a two-week period, exposing sensitive user information. The first incident involved MuslimMatch.com, reported by security researcher Troy Hunt approximately two weeks prior to July 15. Attackers compromised the site's systems and extracted 150,000 user accounts alongside 790,000 private messages. While passwords were protected using MD5 hashing—a cryptographic method considered outdated by modern security standards—the exposure of private communications created significant privacy risks for users. This breach was documented through Hunt's Have I Been Pwned? service, which tracks data exposures. Subsequently, on July 10, 2016, attackers breached Shadi.com, another Muslim dating platform, stealing 2,035,020 user records containing email addresses and passwords stored in unencrypted cleartext format. The cleartext storage practice represented a critical security failure, as it allowed immediate misuse of credentials without requiring decryption. LeakedSource, a breach notification service, obtained and verified the stolen Shadi.com dataset, confirming its authenticity and scope.
These incidents occurred against a backdrop of similar attacks targeting niche dating platforms during the same timeframe. In June 2016, prior to the Muslim dating site breaches, a Moroccan hacker compromised AfrikaDating.com and AdultSingleSites.com.au—platforms catering to African dating audiences and adult singles respectively. The attacker exfiltrated 12,738 records from AfrikaDating.com and 67,118 records from AdultSingleSites.com.au before publicly leaking the data. While technical specifics of these breaches weren't detailed in available reports, their occurrence demonstrated a pattern of targeting specialized dating services with potentially weaker security postures. For all affected platforms, the primary response mechanism involved directing users to third-party verification services: Have I Been Pwned? for MuslimMatch.com victims and LeakedSource for Shadi.com, AfrikaDating.com, and AdultSingleSites.com.au users. These services allowed individuals to confirm whether their credentials appeared in the stolen datasets, though no platform-specific remediation efforts or organizational responses were documented in available sources. The cumulative impact exposed millions of dating platform users to credential theft, phishing risks, and potential reputational harm due to the sensitive nature of dating service memberships.