Every email address Motherboard randomly picked from the dataset was linked to an account on Muslim Match.
“i am genuine and truthful and am seriously seeking a right muslimah who could be a friend, a companion to hold hands thru journey of life and beyond.” Some of the messages appear to be spam, having been sent in quick succession and containing the exact same content.
(On its homepage, Muslim Match warns of an increase in fake users.)The dataset also includes a number of shorter messages that appear to be from an instant messaging function.
Using information within the dataset, Motherboard was able to link private messages with specific users.
By cross-referencing the different files, it was possible to find out the username of the person who sent the message, as well as their logged IP address and poorly-hashed, MD5 password.
Some of the messages also include extra information, such as Skype handles, which users have exchanged.
Judging by the IP addresses, Muslim Match's users are based all over the world, including the UK, Pakistan, and the US.The Muslim Match hacker may have used SQL-injection—an ancient but commonly effective web attack—to obtain the data, judging by the format the files are in.Motherboard managed to speak to one Muslim Match user, and Hunt reached two additional users who were happy to talk.“I feel disappointed but the site didn't seem to be secure in the first place.Specialty dating site “Muslim Match” has been hacked.Nearly 150,000 user credentials and profiles have been posted online, as well as over half a million private messages between users.Security researcher Troy Hunt has added the data to his breach notification site “Have I Been Pwned?