Cyber Incident Victim: BeautifulPeople.com
Date: Dec 2015
Location: United States of America
Summary
A dating platform experienced a significant data breach exposing sensitive information of 1.1 million members, including sexual preferences, relationship statuses, income, addresses, physical attributes, contact details, location coordinates, and private messages. The compromised MongoDB database, hosted on an unsecured test server accessible without authentication, contained over 100 data attributes per user and 15 million internal communications. Researchers confirmed the authenticity of the leak through password reset verification and user validation, with evidence indicating the stolen data entered underground trading markets. While the company asserted affected members were notified and emphasized encrypted passwords with no financial exposure, impacted users contradicted claims of prior disclosure. The incident followed a pattern of insecure non-production database exposures affecting multiple organizations.
Description
The BeautifulPeople.com data breach originated with the exposure of a MongoDB test server containing sensitive user data, first identified by researcher Chris Vickery in December 2015. The dating platform initially characterized the compromised server as a non-production staging environment, asserting no connection to their live systems, and claimed immediate shutdown upon discovery. However, subsequent analysis by security expert Troy Hunt revealed the database contained authentic records for 1.1 million users, contradicting the company's initial assessment. The exposed information included highly personal attributes: sexual preferences, relationship statuses, income levels, physical addresses with geolocation coordinates (latitude/longitude), mobile numbers, encrypted passwords, and physical characteristics such as weight, height, body type, and eye color. Additionally, 15 million private messages between users were extracted, with samples provided to Forbes demonstrating explicit content and derogatory remarks about other members' appearances.

Unauthorized actors accessed the unprotected MongoDB instance before its lockdown, and the dataset was circulating within underground data trading communities by early 2016. Hunt validated the breach through password reset functionality tests on BeautifulPeople.com, confirming active accounts matched leaked email addresses. Two verified users confirmed their personal details—including accurate geolocation data pinpointing their registration locations—appeared in the stolen records.

The company maintained all affected members received breach notifications in December 2015, though interviewed users denied receiving any alerts. BeautifulPeople.com emphasized no financial data was compromised and passwords remained encrypted. The incident followed multiple prior controversies involving the platform's removal of members deemed insufficiently attractive, including mass account terminations for weight gain or aging.

Concurrent findings by security researchers highlighted systemic vulnerabilities in MongoDB deployments, with Vickery discovering similarly exposed databases containing millions of Mexican voter records and MacKeeper user profiles during the same timeframe. The breach exposed users to potential blackmail, identity theft, and public humiliation given the intimate nature of the leaked attributes and communications.
