Specialty dating site Muslim Match has been hacked, with approximately 150,000 dating profiles and 500,000 private messages posted online. The private data made available in this hack includes employment and marital status, religious conversion information, and stance on polygamy, as well as all the confidential information shared between users on the site’s private messaging service.
The leaked database contains eight separate documents, containing personal information including user names and passwords, email and IP addresses, and one file that contained over 790,000 private messages between users.
Sample messages include, “”I was not married or engaged before. As much as I always wanted to share my life with a Muslim wife, I was not fortunate enough to meet my soul mate before now,” and “”I’m interested to get to know you, as I am looking for a soul mate / wife, and hope that it will be you.”
Researchers at Motherboard obtained a full set of data and were able to correlate user names with email addresses, IP addresses and passwords, and to connect specific users with the messages they sent through the service. Analysis of the IP addresses suggests that Muslim Match users were worldwide, from Pakistan, the UK, and the U.S. among others. They also made contact with some users, who said that news of the hack was ‘very scary.’ Zaheer, a current user, said that while he is disappointed in the breach he thought the site lacked security, particularly as they did not use https encryption.
Because six of the eight documents in the database are in SQL format, the hackers may have used SQL-injection to access the database. The breach was apparently exposed by privacy activist ‘TheChthulu’, who noted the discovery on his twitter account. Security researcher Troy Hunt has added the database to his site “Have I Been Pwned?” where users can check if their data has been hacked.
The Muslim Match website is currently suspended for Ramadan. No public statement regarding the hack has been released.