Feeds

back to article Dating site and hacker in online spat over security breach

The founder of Canadian dating website PlentyOfFish.com has become embroiled in an online spat with a white-hat hacker who found security bugs on the site and a reporter who began asking questions about the flaw. Markus Frind, the founder and chief executive of Plenty of Fish, claims he was approached by someone who exported 345 …

COMMENTS

This topic is closed for new posts.
FAIL

fools

"Krebs reckons the site got into problems because it stored user login credentials in plain text, a point PlentyofFish disputes."

How can they dispute this? They email EVERY user their password in PLAIN TEXT on a weekly basis. Unsolicited. Turning that weekly email off is a chore.

Every week. Helpfully reminding you of your password. Not "some of it". Not "a hint". Not a masked version. All of it.

10
0
Coffee/keyboard

WHAT?????

I have a shitfit whenever a site asks you to set a password and then e-mails it to you in plaintext.

If a site I used e-mailed it in plaintext every week I'd probably wind up driving to their HQ and smashing their e-mail servers!

3
1

This came up on slashdot

A few punters there said the site would regularly email them a their password as part of a "reminder" email. So plaintext or not, it was recoverable, which is very bad - they should have stored a hash for comparisons.

2
0
Stop

White hat ??

Doesn't sound very white-hat to me...

4
2
Happy

Chris Russo

Is a fairly well-known white hat hacker.

--Glenn

0
0
Thumb Down

PoF

Has the worst UI I've ever seen. It's just so bad.

2
1

This post has been deleted by its author

Silver badge
Unhappy

Has the worst UI I've ever seen. Did you go ...

any further and check out the 'fish'.

Pretty rough looking.

1
0
FAIL

Not the only company to use Plaintext Passwords

Virginmedia sent me an unsolicited letter recently with my "new" password on it.

Except it wasn't a new password, it was the password I'd been using for several (!) months (since we all change our ISP password every few months, don't we!)

So if they can print it on a letter, I'm betting they can view it on screen too.

It's changed now though!

1
0
Anonymous Coward

Emailed Password

DatingAgency.com send you a copy of your password and login name with every email that they send you, all in plaintext, despite being told to stop it a number of times.

0
0
WTF?

POF security?

Once you log into POF there is still no security.

You think you are dealing with a MATURE and SECURE website for adults to be dating other adults.

But when you join POF you are not treated like an ADULT.

All your emails are read when sent to your potential partner.

Kinda like sending your love letter through a prison where the warden reads all your mail.

Of course they justify this saying its a private site and they can do as they please.

Make note if no woman ever contacts you it is because another male at POF has stopped your send and deleted your email.

So POF is really a fake site made for closet basement boys who like to read other mens emaisl to women.

0
0
Thumb Down

Plenty of Phish?

Yup, they send lots of plaintext passwords around the internet. The new reset password hit my inbox in plaintext earlier this week. It isn't like it is hard for someone with access to configure a router on a main trunk to store copies of any email containing the word "password" that hops through it! You can even machine-sort them by source address and then apply a simple filter to extract username and password into a table, ready for sale to the highest bidder.

2
0

Yesbut

the details of the 'hack' don't make sense.

'Krebs set up a free account on the site, details of which Russo was able to recite back to him'

-umm which details exactly? Presumably not the details which were available to anyone browsing the site looking for information put up expressly for that purpose?

So are we talking banking details? Presumably not, as this was a free account. Email? Home address? Or was it possible to pwn the acct - and if it was, why not say so?

I guess I could follow up the links and find out, but isn't that kinda what the reporter of this story should have done?

0
1

No

No, he shouldn't have posted details, think about it. White hat hacker. No details. Reporter may know details, but should not publish them. Why? because the details will probably be used.

--Glenn

0
0
Flame

Tee-hee-hee

He should have downloaded the entire membership database and sent it to WikiLeaks since they have a habit of distributing the personal details of innocent people. No doubt most of the readership of this website would approve judging by the votes on recent WikiLeaks articles.

0
4
Happy

pof emails changed :)

Used to get my password emailed to me, there were complaints on the forums, but there was a recent password reset and changed to some random password, now stored in browser and some other place with the other 50-100 passwords I use

0
0

Why bother with the place

After all, when it comes to dating sites, there are plenty of fish in the sea...

0
0
Bronze badge
Joke

If at first you fail... fail, fail again

Just got an email with the new password I had had to reset. In plain text, again :-(

Not to mention that the reset password procedure was epic in how badly it was presented:

Standard old password, new password, new password confirm form. Except that he filled in the old password field with the, still current, user name. But when I typed in my new password twice, I was told the old password didn't match (it had been pre-filled with the user name, but I was logged in already).

Several doh moments later, my new password was ready... for transmission in clear via email.

But, eh, the site's free and there is nothing really private on my profile, besides me admitting that I like to wear pink tutus, enjoy cross-dressing and have fantasies about a Mother Theresa and Megan Fox threesome ;-)

1
0
Unhappy

You should read your mail

I posted to that ad of yours Jean-Luc and you never replied back. I had my GIMP suit and mother Theresa mask all ready for a date even.

0
0
This topic is closed for new posts.