Data stolen from a dating website aimed at "beautiful people only" has been traded online.
The details of more than a million members including their weight, height, job, and phone numbers were discovered unencrypted online in December 2015.
They have now been sold on the black market, said security expert Troy Hunt.
The firm said the data belonged to members who joined before July 2015 and that no passwords or financial information were included.
Security researcher Chris Vickery, who originally discovered it, told the BBC the firm acted quickly after he notified them - but by then, data had already been sold on.
"They published it openly to the world with no protection whatsoever," he said.
Beautiful People originally claimed the content was from a test server but Mr Vickery said the data itself was still genuine.
Beautiful People最初声称,这些内容来源于一个测试服务器,但维克里说不管怎样,这些数据都是真实的。
"Whether or not it’s in the test database makes no difference if it’s real data," he added.
It also transpired that a second researcher had identified the same weakness on the same day.
"The breach involves data that was provided by members prior to mid-July 2015. No more recent user data or any data relating to users who joined from mid-July 2015 onward is affected," Beautiful People said in a statement.
“这个漏洞涉及的数据均为2015年7月中旬以前加入的会员,近期的用户数据或者2015年7月中旬以后加入的会员数据并没有受到影响。”Beautiful People发表声明。
"As far as we were aware, at that time [in December 2015], only the two security researchers who informed us of the breach had access to this data."
Public information
Now the compromised data appears to have been sold on the black market, security expert Troy Hunt told Forbes.
"Now it’s public, cybercriminals have the opportunity to use this information to steal personal identities or more," said David Emm, principal security researcher at Kaspersky Lab.
"Unfortunately, once a breach of this nature has been made, there is not much that can be done."
Cybercriminals use the genuine identities to synthesise new ones, and they tend to act within a month of receiving stolen data, said John Lord, managing director at identity data intelligence firm GBG.
"Organisations need to take action and use more data, analytical insights and triangulation of multiple-identity proofing techniques to minimise the potential effects of identity theft for both the user and the businesses serving them," he said.
Beauty secrets
People hoping to join the Beautiful People website submit photographs which are then rated by existing members of the opposite sex for 48 hours.
任何希望加入Beautiful People网站的人需在网站提交个人照片,48小时以内会由网站现有异性成员进行评分。
If they get enough positive votes, they are then granted membership.
The firm claims more than 700 marriages have taken place between people who met on its website.
- 03-082016考研英语大纲公布完形填空名词解题思路
- 03-082016考研英语大纲公布完型填空部分解析及策略
- 03-082016考研英语大纲趋稳99天冲刺备考
- 03-082016考研英语大纲作文之预测
- 03-082016考研英语大纲无变化掌握大纲真谛高效备考
- 03-082016年考研英语大纲翻译部分深度解析
- 03-08杭州师范大学2016考研《英语》考试大纲
- 03-082015考研英语考试二大纲原文
- 03-082015考研英语考试一大纲(非英语专业)
- 03-082015考研英语大纲变化及写作部分大纲要求