PlentyofFish.com Hacked

I thought something was fishy when I got an email yesterday from plentyoffish.com saying that they had reset my password.

Hello jerryxxxx, your NEW password is xxxxxxx. As a security precaution we have reset everyone's password on plentyoffish. If you used your plentyoffish password elsewhere we suggest you reset it. Even if you didn't, resetting all your passwords every 6 months is a good idea. We did this after a hacker came to us telling us he had access to our data. For further assistance with changing your password please see our help page: http://www.plentyoffish.com/faq_login_out.aspx

My suspicion was confirmed when PlentyofFish CEO Markus Frind wrote this blog entry saying that pof.com was hacked.

What especially concerns me is that Markus Frind reset everyone’s password and sent the new password in plain text. This indicates that pof.com’s security features are no better than some college freshman’s little pet project. This raises the question of online security. It is no secret that online dating sites collect plenty of information about their members, presumably to profile you and to provide you with matches. The information collected is intimate and very personal. How good are online dating sites’ security features? Do they have a team dedicated to testing the site’s database for vulnerabilities? Is your information safe?

If you go to the blog’s comments, the supposed hacker, Chris Russo, tries to explain that he was actually playing the devil’s advocate and did pof.com a favor by showing how vulnerable the site really is. It’s interesting how he interacts with and responds to members of pof.com who are obviously worried.

What should you do if you have a profile with pof.com? I’ll let you decide, but there is a good reason why it did not make our top 10 list.