Hackers steal emails, private messages from hookup websites

Hackers have stolen email addresses, direct messages and other personal data from users of two dating websites, according to a data breach expert.

Earlier this week, someone tipped off Troy Hunt, the founder and maintainer of the data breach alert website. They have cheated me?, that hackers had breached two dating websites, CityJerks and TruckerSucker. Hunt told TechCrunch that he analyzed the stolen data and found usernames, email addresses, passwords, profile pictures, sexual orientation, users’ dates of birth, their city and state, their IP addresses, and biographies. Stolen passwords are encoded with a weak algorithm that could break and allow hackers to see the real passwords.”

“It’s really just a typical forum violation, albeit with super sensitive content,” Hunt said.

Sensitive content, for example, includes connection messages, such as “I’m going to [sic] in Jackson on business during the day of November 13 if interested please message back I won’t have a spot right? and sexual preferences, such as “trucker who loves to suck [sic] chubby guys,” according to Hunt.

Hunt said the tipster told him the breach had been posted on a hacking forum. TechCrunch independently verified that data stolen from CityJerks and TruckerSucker is advertised on the forum.

Image Credits: CityJerks; TechCrunch screenshot

In a post announcing the data stolen from TruckerSucker, the vendor claims that the database contains information on 8,000 users. In the CityJerks post, the vendor claims the database contains data for 77,000 users.

CityJerks advertises itself as a place to help people find partners to “jerk each other off.”

“Masturbating to each other will connect you and your partner, your partner or a partner on an ever deeper level. No matter how long you’ve been together, you sure want that! Our customer feedback speaks for itself,” the site said.

TruckerSucker bills itself as a place to “meet masculine men”, a place for “REAL TRUCKERS and REAL MEN”.

The administrator of the two websites did not respond to a request for comment.

Do you have more information on other data breaches? We would love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.