Hackers steal emails, private messages from hookup websites

Hackers have stolen email addresses, direct messages, and other personal data from users of two dating websites, according to a data breach expert.

Earlier this week, someone alerted Troy Hunt, the founder and maintainer of the data breach alerting website Have I Been Pwned, that hackers had breached two dating websites, CityJerks and TruckerSucker. Hunt told TechCrunch that he analyzed the stolen data and found usernames, email addresses, passwords, profile pictures, sexual orientation, users’ date of birth, their city and state, their IP addresses, and biographies. The stolen passwords are scrambled with a weak algorithm that could potentially be broken and allow hackers to see the actual passwords."

“It's really just a typical forum breach, albeit with super sensitive content,” Hunt said.

The sensitive content, for example, include hookup messages, such as “I will b [sic] in Jackson on business during the day on Nov.13 if interested message back I won’t have a place, will u?” and sexual preferences, such as “trucker that loves suckin [sic] chubby guys,” according to Hunt.

Hunt said that the tipster told him the breach was advertised on a hacking forum. TechCrunch independently verified that the data stolen from CityJerks and TruckerSucker is being advertised on the forum.

Image Credits: CityJerks; TechCrunch Screenshot

In a post advertising the data stolen from TruckerSucker, the seller claims the database contains information on 8,000 users. In the post about CityJerks, the seller claims the database contains data from 77,000 users.

CityJerks advertises itself as a place to help people find partners to “masturbate mutually.”

“Masturbating mutually will connect you and your sweetie, your partner or a fellow member on an ever deeper level. No matter how long you’ve been together, you want that for sure! The feedback from our customers speaks for itself,” the site read.

TruckerSucker bills itself as a place to “meet masculine men,” a place for “REAL TRUCKERS and REAL MEN.”

The administrator of the two websites did not respond to a request for comment.

Do you have more information about other data breaches? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.