Popular dating site PlentyofFish.com was hacked last week, exposing user information for thirty million users.
But accused hacker Chris Russo and Plenty of Fish CEO Markus Frind seem to be telling different versions of the tale, as they continue to exchange barbs over the mishap, in what is quickly becoming a byzantine tale that includes murder threats, extortion and hacking.
According to CEO Frind's blog post, "this was an incredibly well planned and sophisticated attack," where Russo "didn't even try to hide behind a proxy, signed up under his real name and executed the attacks while logged in as himself." Frind says that Russo then told Frind the site had been hacked, and that "Russians have taken over his computer and are trying to kill him, and his life is in extreme danger and they are currently downloading plentyoffish's database."
Things escalate, according to Frind:
A bit later I am on the phone with Chris as well. Chris tries to create intense sense of pressure and urgency, saying I have to either fly to Argentina or Washington DC so he can help me stop these attacks from the Russians. Hey [sic] says the Russians have complete access to everything including our bank accounts, and they want to steal about $30 million from a string of dating sites including ours.
Later, as Frind recalls, he talked to Russo again, who at this point said he has a business partner named "Luca" in a security company that will help them prevent further breaches. The Russians are out of the picture. Russo then asked for "complete access" to all of their "source code and SQL servers" and asked Frind to sign a contract, claiming he knows where the hacked data is. Eventually, Russo asked for $15,000 to fix the breach.
Fed up, Frind writes that he threatened to sue Russo, before he took the last step he can think of: emailing Russo's mother.
But according to Russo, who wrote to Grumo Media with his side of the story, he merely spotted and reported the breach to Frind. Russo goes on to say that he was in talks to work with Russo as a security analyst, when Frind changed his tune:
While we were creating the legal documents in order to proceed, Markus Frind got progressively more aggressive and unresposive with us, and told us to speak with their employees, Kate and Jay, because there was a serial killer, murdering people from the website.
Someone alleging to be Russo posted a video to YouTube explaining how the hack was executed.
Depending on who you believe, Russian conspiracy, aggressive delusion or a single wild hacker is to blame. But one fact remains clear: the usernames, passwords, real names and email addresses of about thirty million users are at risk. Frind says all the passwords for the site have since been reset.