PlentyofFish.com Hacked

I thought something was fishy when I got an email yesterday from plentyoffish.com saying that they had reset my password.

Hello jerryxxxx, your NEW password is xxxxxxx. As a security precaution we have reset everyone's password on plentyoffish. If you used your plentyoffish password elsewhere we suggest you reset it. Even if you didn't, resetting all your passwords every 6 months is a good idea. We did this after a hacker came to us telling us he had access to our data. For further assistance with changing your password please see our help page: http://www.plentyoffish.com/faq_login_out.aspx

My suspicion was confirmed when PlentyofFish CEO Markus Frind wrote this blog entry saying that pof.com was hacked.

What especially concerns me is that Markus Frind reset everyone’s password and sent the new password in plain text. This indicates that pof.com’s security features are no better than some college freshman’s little pet project. This raises the question of online security. It is no secret that online dating sites collect plenty of information about their members, presumably to profile you and to provide you with matches. The information collected is intimate and very personal. How good are online dating sites’ security features? Do they have a team dedicated to testing the site’s database for vulnerabilities? Is your information safe?

If you go to the blog’s comments, the supposed hacker, Chris Russo, tries to explain that he was actually playing devil’s advocate and did pof.com a favor by showing how vulnerable the site really is. It’s interesting how he interacts with and responds to members of pof.com who are obviously worried.

What should you do if you have a profile with pof.com? I’ll let you decide, but there is a good reason why it did not make our top 10 list.

  • AR

    That’s really strange. I am on POF but I didn’t get an e-mail like the one above giving me a new password. All that happened was last week I logged onto the site and came to a screen that said my password had ‘expired’ and that I was supposed to come up with a new password. It didn’t tell me why I was supposed to change the password and in retrospect, I find it kind of silly the way it was handled. I would have preferred to get an e-mail like the one above and I’m wondering why I didn’t.

  • Jerry

    It absolutely could have been handled much better. It looks like a lot of people were not happy with the way it was handled and the level of security the site runs under. I’m sure this will turn off a lot of pof users and until Markus shelves up some money to hire a real security team, people will stay away from his site.

  • unbelievable!!!