Cyber Incident Victim: freedateusa.com
Date:
Nov 2016
Location:
Russia
Summary
A hacktivist known as ElSurveillance breached freedateusa.com and another dating site, exposing over 127,000 user records containing email addresses and plain-text passwords, including significant volumes of Hotmail, Yahoo, and Gmail credentials. The attacker defaced the sites, alleging Russian operators were harvesting data for malicious exploitation or sale, citing shared administrative credentials, server infrastructure, and plain-text password storage as evidence. ElSurveillance claimed prolonged monitoring of the sites' activities, including fabricated profiles and coercive messaging targeting users. The actor announced plans to release further compromised data from over 50 affiliated dating platforms, totaling millions of records, alongside administrator identities, while investigating potential links between site developers and operators.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In November 2016, the hacktivist known as ElSurveillance, operating under the #EscortsOffline campaign, publicly disclosed breaches of two dating websites, 24luv.com and freedateusa.com. ElSurveillance claimed to have compromised 24luv.com approximately four months prior to the November 12 disclosure and monitored the site for two months before defacing it and releasing 92,937 user records containing plain-text email addresses and passwords. The defacement message alleged the site was operated by Russian cybercriminals harvesting data for resale or targeted attacks, citing identical admin credentials across multiple sites, server co-location, and administrator access to unencrypted passwords as evidence. The dumped 24luv.com data included 8,081 Gmail, 61,035 Yahoo, and 9,826 Hotmail credentials. Simultaneously, ElSurveillance executed an identical defacement of freedateusa.com, releasing 127,395 user records via Sendspace, comprising 25,664 Gmail, 42,450 Yahoo, and 6,890 Hotmail logins. Both defacements urged users to change passwords, warn contacts, and contained religious messaging advocating Islam.
ElSurveillance privately informed DataBreaches.net that all targeted sites shared three admin passwords, hosted on a single server, and exhibited fraudulent behavior, including fabricated user profiles, editable reviews, and extortion attempts via messages from admin-linked IP addresses. The attacker asserted possession of developer identities and announced plans to release a final dump exposing over 50 dating sites, 5 million plain-text credentials, and administrator details. No statements from the affected sites’ operators, law enforcement, or third-party investigators were documented in the source material. ElSurveillance framed the breaches as consumer warnings rather than financial operations, though no independent verification of the Russian criminal affiliation claims was provided. The primary confirmed impacts included exposure of authentication credentials in reversible form and potential secondary targeting of users via reused passwords or phishing leveraging the breached email addresses.