Cyber Incident Victim: Mate1.com
Date:
Feb 2016
Location:
United States of America
Summary
A hacker compromised a dating site's server, gaining command access and exfiltrating a MySQL database containing approximately 27 million user email addresses and plaintext passwords, later sold on a dark web forum. The attacker claimed to have pruned bot accounts from an original set of 40 million records, citing identifiable password patterns among fraudulent entries. Analysis of a sample confirmed nearly all emails corresponded to valid accounts, though some addresses contained typos or may have been registered without owner consent. The site's insecure storage practices were corroborated by a password recovery feature that emailed credentials in unencrypted form. Exposed credentials pose risks beyond unauthorized access to the platform itself, as reused passwords could facilitate compromises of higher-value accounts like email or financial services. The data was listed for 20 bitcoin (approximately $8,700), though actual sale terms remain unverified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late February 2016, a hacker operating on the dark web forum Hell claimed to have compromised the dating website Mate1.com and sold a database containing over 27 million user credentials. The attacker stated they gained unauthorized shell access to Mate1's servers and extracted the site's MySQL database, which initially contained approximately 40 million accounts. After removing what they described as "bot logins" that followed a common password pattern, the hacker allegedly sold the remaining 27 million records containing email addresses and plaintext passwords. Technology publication Motherboard verified the breach's legitimacy by obtaining and testing a sample of 500 credentials from the stolen data, finding 498 email addresses linked to active Mate1 accounts. The site's user base was publicly listed at 36.5 million accounts at the time of the incident, though the hacker's pruning process reduced the number of valid credentials in the final dataset offered for sale.
The attacker listed the database for sale at 20 bitcoin (approximately $8,700), though the actual sale price remained unconfirmed. Forensic analysis of the sample data revealed Mate1 stored passwords in unencrypted plaintext format, a security failure corroborated when Motherboard successfully retrieved a user's password through the site's "forgotten password" feature, which emailed credentials in clear text. The dataset contained numerous email addresses with apparent typographical errors (such as "gmaile.com") and unverified accounts, as Mate1 didn't require email confirmation during registration. While the company did not respond to multiple requests for comment regarding the breach, the exposure created significant secondary risks beyond compromised dating profiles, as many users likely reused their Mate1 passwords for more sensitive accounts including email services and e-commerce platforms. The scale of the credential dump suggested potential follow-on attacks against victims' other online accounts through automated credential-stuffing attempts.