
Plentyoffish hacker Chris Russo infiltrates eHarmony, user data stolen

Popular dating site eHarmony.com has been hacked, according to Brian Krebs of security news site KrebsOnSecurity.com, who informed the company of the breach. Users of the site have been notified to change their passwords in an effort to curb the consequences of the attack.

Krebs says the man responsible is none other than Argentina-based “security researcher” Chris “Ch” Russo — the same person who recently cracked into eHarmony competitor Plentyoffish.

Russo told Krebs that he had discovered eHarmony’s vulnerability late last year, but said that he had “hit a brick wall in his research.” Roughly a week ago, however, Krebs says he heard from “a source in the hacker underground” that eHarmony had been hacked. After some research, Krebs discovered a post on hacker site Carder.biz, submitted by user “Provider,” which offered eHarmony user data for $2-3,000. Russo initially said he knew nothing about the illegal data sale, but later conceded that an “associate” of his may have been responsible.

Chief technology officer for eHarmony, Joseph Essas, told Krebs that Russo discovered an SQL injection vulnerability, which gave him access to user data, including “screen names, email address, and hashed passwords.” But he added that they had “found no evidence to suggest that Russo has successfully compromised at the network level our corporate email and eHarmony site environments.”

Essas added that Russo had approached eHarmony to offer them security services to fix the flaws in their system. Needless to say, eHarmony declined.

“Russo’s fraudulent efforts to obtain money from us are most disturbing,” Essas told Krebs. “As such, we are exploring our legal rights and remedies as well.”

Plentyoffish CEO Markus Frind reported a similar extortion attempt by Russo.

Given these two instances, it’s difficult to determine Russo’s intentions. Are they merely foolish extortion attempts, or is he genuinely trying to offer his security services? (Which, in the way he’s conducting business, would seem equally foolish.)

Regardless, he certainly is making a name for himself — and a bad one at that.

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…