The breach included some 15 million private messages sent between members of the website, as well as details such as encrypted passwords, email addresses, mobile-phone numbers and personal information such as height, weight, job, favorite movie and TV show.
The information is now being sold on the online black market by data traders, reported Forbes.
BeautifulPeople.com confirmed with Forbes that it was aware of the breach, which was first reported in December 2015. It re-sent the statement released at the end of last year, saying, "This was a staging server and not part of our production database. The staging server was immediately shut down." The statement also said that all vulnerable users were contacted at the time of the hack. But two BeautifulPeople.com users who found their information in the leaked database, obtained by researcher Chris Vickery last year, told Forbes they were never contacted by the website.
Confirming the accuracy of leaked accounts is security expert Troy Hunt, who runs HaveIBeenPwned.com, a website that allows you to search your email address to see if you've been affected by a data breach. Hunt tweeted that, of the 1.1 million leaked accounts, 170 used a government email addresses. "I keep seeing a heap of government stuff where it probably shouldn't be," he wrote.
BeautifulPeople.com, which is owned by BeautifulPeople Network, has seen its share of controversy since its inception in 2002, when it launched in Denmark before eventually going global in 2009. The site defines itself as a dating space for attractive people only, allowing its community of users to vote to reject any applicants deemed too mediocre to join. A reported 5,000 users were removed from the site for "weight gain," The Guardian reported in 2010.
Hunt of HaveIBeenPwned.com told Forbes that he was tipped by traders who illegally buy and sell hacked data.
On this large and complex black market for hacked data, one particularly valuable piece is access to millions of real users' passwords. Cybercriminals buy these data lists with the intent of uploading them to massive databases such as rainbow tables, a sort of dictionary of possible passwords used to hack encrypted accounts.
In February this year, 27 million passwords hacked from dating website Mate1.com were reportedly sold for 20 bitcoin, around $8,700 (roughly Rs. 5.8 crores) at the time. Hunt said he does not know how much the leaked data from BeautifulPeople.com eventually sold for.
© 2016 The Washington Post
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.