Bad news for Plentyoffish users: your information has been stolen by hackers.
The question is, who are these hackers? Plentyoffish CEO Markus Frind [pictured] only heard about the attack because an Argentinean named Chris Russo who claims to be a “security researcher” (and was also behind an attack on ThePirateBay in August of 2010) called his wife around midnight a week ago to tell her about a security problem at Plentyoffish being exploited by Russian hackers.
Frind says that Russo’s warning was actually an attempt to extort him, and that Russo was the true hacker — not some mysterious Russians. Frind says that Russo started drawing up contracts and wanted $15,000 from Frind to solve the security problem and retrieve the users’ stolen information.
TechCrunch has a wrap-up about what Frind says happened:
At midnight Miami time my wife gets a call from Chris Russo that plentyoffish has been hacked into and that Russians have taken over his computer and are trying to kill him, and his life is in extreme danger and they are currently downloading plentyoffish’s database. Chris is trying to create a sense of panic.
I listened in the background and I closed the breach if indeed there was one while my wife was on the phone and then I immediately ordered an investigation. Over the next 24 hours we got a lot of voice mails from Chris Russo frantically wanting to talk to us.
Frind says Russo and his team were attempting to extort him:
They then say we should find a way to work together as they are a security company. In exchange for complete access to all of our source code and SQL servers they can make sure we aren’t attacked again. Now they want us to Sign NDA’s Contracts etc.
They also claim they know the locations of where the Russians dumped our data and they can delete it.
They then start talking about money because they need to incorporate a company that can deal with companies outside of Argentina and that will cost $15,000. They also needed to know if they were going to make over $100k/year or 500k/year as that would require different registrations…
But Russo says it went down in a different way; he says the security vulnerability at POF was an obvious one that had been exploited before, and he was only trying to help Frind by pointing it out. Russo says that it’s Frind who is making threats, by apparently alluding to mafia connections in an email:
As we can see in the email, it textually says:
If this data goes public I am going to email every single effected user on Plentyoffish your phone number, email address and picture. And tell them you hacked into their accounts.
Then i’m going to sue you In Canada, US and UK and argintina. I am going to completely destroy your life, no one is ever going to hire you for anything again, this isn’t piratebay and we definately aren’t fooling around.
Right after that, There was 3 phone calls, which the local police are trying to recover, where he clearly said several times, that my people stole his user database, and he also mentioned that there was organized crime or mafias behind sites like the one he runs.
I explained to him several times that we were only reporting an error, but he refused to understand and kept accusing us, over the telephone communication he clearly threatened me again, saying that he was going to do something, just before mentioning his connection to criminal organizations.
It seems like the only connections to threatening characters Frind has is to the one person every basement-dwelling hacker fears: Russo’s mother. Frind said that he did indeed contact Russo’s mom and did threaten to sue.
Man, so much anger between these computer nerds. Fortunately, it’s TechCrunch to the rescue to make sense of the true importance of this story:
Accusations abound, but if personal data from Plentyoffish users was really as vulnerable to malicious attacks as Russo claims, then that’s what everyone should be focusing on first and foremost.
True dat, TechCrunch; true dat.