Specialty dating website “Muslim Match” has been hacked. Almost 150,000 user qualifications and profiles have now been published online, along with over half a million personal communications between users.
Protection researcher Troy search has added the info to their breach notification web site “Have I Been Pwned?” for your website’s users to test if they’ve been afflicted with the hack. Meanwhile, technologist Thomas White, otherwise called TheCthulhu, has released the dataset that is full, for anybody to down load.
Launched in 2000, Muslim Match is really a site that is free-to-use individuals looking companionship or wedding. “solitary, Divorced, Widowed, Married Muslims :: Coming together to share with you some ideas, thoughts in order to find a suitable wedding partner,” the website’s Facebook profile reads.
Motherboard obtained the complete dataset of simply under 150,000 individual records along with the cache of personal communications. Every email Motherboard arbitrarily picked through the dataset had been connected to a free account on Muslim Match.
Search remarked that the information includes whether each user is a convert or otherwise not, their work, residing and status that is marital and if they would think about polygamy. He also pointed out that a few of the e-mail details are marked as “potential users.” It is not completely clear why somebody may be marked as being a “potential” individual.
One file also incorporates around 790,000 personal messages delivered between users, which handle sets from spiritual conversation and little speak with wedding proposals.
“we want to marry you if u agree I deliver my photos and deatails sic,” one message checks out.
“You certainly will enjoy whenever u talk to me,” another checks out. “i am genuine and truthful and have always been seriously searching for a muslimah that is right could possibly be a pal, a friend to carry arms thru journey of life and past.”
A number of the communications seem to be spam, having been submitted quick succession and containing the precise content that is same. (On its homepage, Muslim Match warns of a rise in fake users.)
The dataset comes with a number of shorter messages that seem to be from an instant messaging function.
“we feel disappointed however the web web site did not appear to be safe into the place that is first. They never utilized https.”
Making use of information inside the dataset, Motherboard surely could connect personal communications with particular users. By cross-referencing the various files, it had been feasible to get the username out of the individual who delivered the message, along with their logged internet protocol address and poorly-hashed, MD5 password. A few of the communications likewise incorporate more information, such as for example Skype handles, which users have actually exchanged.
Just by the IP details, Muslim Match’s users are based throughout the globe, such as the UK, Pakistan, therefore the United States.
The Muslim Match hacker might have utilized SQL-injectionвЂ”an ancient but commonly effective internet attackвЂ”to have the information, just by the structure the files have been in.
Motherboard been able to talk with one Muslim Match user, and search reached two extra users who had been pleased to talk.
“we feel disappointed but the web web web site did not appear to be safe into the place that is first. They never utilized https,” Zaheer, a current individual, told Motherboard in a message, talking about the protocol utilized for encrypting traffic and particularly internet site login displays.
When expected if he previously any privacy issues, another user called Rook said he discovered the headlines “Very frightening. There was a great deal intimate information added to this site to start with, if you are genuine about finding a great match.”
The administrator of Muslim Match failed to answer numerous email messages and messages delivered through your website, and all sorts of associated with the organization’s detailed cell phone numbers are disconnected. The website’s social networking pages haven’t been updated since June 2014.
But after being contacted by this reporter, Muslim Match went temporarily “down for maintenance” on Wednesday. Shortly after, your website ended up being right back, but claimed it absolutely was going for a break that is short Ramadan.