View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 4, 2018

Wish Companies Would Stop Downplaying Security Breaches? This Dating Website Made One Up

“I saw that and I thought that’s a little bit strange,” said Cluley. “Because how do they know people put on a little weight over Christmas? It’s not as if you update your dating profile to say ‘I’ve gorged myself on Yorkshire puddings’".

By jonathan chadwick

Companies with great troves of customer data are always doing their upmost to play down a security breach. Facebook for example, last week updated its users of the breach that affected 50 million accounts in a blog post casually titled, “Security update”.

Others are reluctant to tell their customers at all; Yahoo was sued earlier this year for covering up the hack of 3 billion user accounts for months.

But what about companies at the other end of the scale, who fabricate and make up security breaches out of thin air?

AT IPExpo in London on Wednesday, Graham Cluley, independent cybersecurity researcher, presented a case study of such company.

beautiful people hackBeautiful People Hack is a dating website exclusively for people deemed by its community of users as physically attractive.

In 2011, the site issued a press release saying it had been hacked with a virus that dismantled its vetting process and allowed anyone create an account on the site, which it said allowed unattractive or overweight people to create an account.

“I saw that and I thought that’s a little bit strange,” said Cluley. “Because how do they know people put on a little weight over Christmas? It’s not as if you update your dating profile to say ‘I’ve gorged myself on Yorkshire puddings’.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

A year later, BeautifulPeople said they threw out another 30,000 members after another supposed virus, dubbed the “Shrek virus”.

beautiful people hackCluley said that at that time, he was working for an anti-virus company.

“When I heard that a dating website had been hit by a virus, I was interested in seeing that piece of malware; we wanted to detect it because if a piece of malware had done such a thing, our anti-virus would be updated to protect other dating websites.”

“They didn’t return my calls, so I got curious about BeautifulPeople.”

Cluley contacted the company to learn more about the virus, to be told that the matter was being “internally investigated”.

BeautifulPeople also said it hadn’t stemmed from an external hacker but an employee, and the only ones who had to worry about their data were the 30,000 “ugly people” who had been booted off the site.

“And this story was scooped up and digested and regurgitated in the media around the world, who believed it hook, line, and sinker.

“Here we have a company who is lying about being hacked. What’s unusual is normally companies lie to say they haven’t been hacked, or they’d only been a little bit and not much data’s been given.

“In the case of BeautifulPeople, they lied to say they had been hacked to get more media attention and more people joining their website.”

There was a coda to the Beautiful People hack story, Cluley said.

BeautifulPeople got hacked — an actual hack that affected 1 million of its users, in the process divulging an array of specific personal information.

“Surprisingly, BeautifulPeople didn’t choose to do a press release about this security breach,” Cluley concluded.



Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.