User names and passwords of 20 million visitors to an unidentified dating site have been hacked and offered for sale on a website, according to a posting by the thief on an online forum used by cybercriminals.
Hackers can use the credentials to try to access bank accounts, health records or other more sensitive data, said Daniel Ingevaldson, chief technology officer of fraud-detection software-maker Easy Solutions Inc., in a telephone interview. Ingevaldson issued a statement about the breach after seeing the post, published anonymously by someone using the alias ‘Mastermind.’
Fifty percent of the credentials were for people based in Russia, and 40 percent came from the European Union. All told, the 20 million people used e-mail addresses with 345,000 different domain names. Seven million of the people that logged in to the dating site used Hotmail.com, 2.5 million used Yahoo.com, and 2.3 million used Gmail.com.
“These aren’t credit cards, but this is a tier-one breach,” said Ingevaldson. “These credentials are like the iron ore of the cybercrime industry.”
He said such personal information usually sells quickly, to fraudsters who use automated software programs to find sites where people used the same user name and password they did to access the dating site.
Spokesmen from OKCupid, Match.com, PlentyOfFish and eHarmony didn’t return e-mails asking if they were the victims of the breach.
© Copyright 2025 Bloomberg News. All rights reserved.