
The Real Story Behind The Hacking Of Plentyoffish!


This story was sent to us by email from Luca Fenochietto himself, in which he tries to get his side of the story out there, which may well be the truth. The full story goes like this:
Last Friday, 21st January, Christian Russo and his partner Luca Fenochietto discovered a vulnerability in PlentyOfFish exposing users' details, including usernames, addresses, phone numbers, real names, email addresses, passwords in plain text, and in most cases, PayPal accounts, of more than 28,000,000 (twenty eight million) users. This vulnerability was under active exploitation by hackers.
Their team decided to notify Mr. Markus Frind (founder and CEO of PlentyOfFish Inc.) about these circumstances as soon as possible in order to stop any potential harm which could be done by the exploitation of this vulnerability.
The flaw was reported the same night to Annie Kanciar, his wife, who was very thankful to us and contacted one of their developers to inform them about this flaw.
The vulnerability was fixed and they remained in contact with Christian Russo, since they were interested in hiring him and his team as security professionals in order to make an analysis of the platforms.
While we were creating the legal documents in order to proceed, Markus Frind got progressively more aggressive and unresponsive with us, and told us to talk with their employees, Kate and Jay, because there was a serial killer murdering people from the website.
Christian Russo arranged to send the documents about the vulnerability he had found, a business plan, and the CVs of the personnel working with him by Monday 31st January.
The vulnerability was properly documented by his team, without exposing any confidential user information. This was an error-based MSSQL injection that could allow any attacker to make a full backup of the databases used by the web server, and/or gain direct access into the site.
On the evening of Sunday 30, Mr. Markus Frind sent Luca Fenochietto an email accusing him and his team of stealing his whole user database without a single proof, based on supposed information that “20 employees told him”, and a web link from FreeLancers asking for user information of POF. Here is the mail itself:
If this information goes public I am going to email every single affected
user on Plentyoffish your phone number, email address and picture.
And tell them you hacked into their accounts.
Then I’m going to sue you in Canada, United States of America and Britain and Argentina. I am
going to completely destroy your life, no one is ever going to hire
you for anything again, this isn’t piratebay and we definitely aren’t
fooling around.
Markus.
The conversation went like this:
On 28/01/2011 04:00 p.m., Kate Bilenki wrote:
Hi Chris!
Just thought I’d follow up on the proposal we discussed, please let me
know if you’re still sending it.
Thank you very much,
Kate
Plentyoffish.com
To which Chris replied:
Hi Kate, how are you?
The documents are almost ready, would you like to talk by phone? I’m
feeling a bit insecure and nervous, the work to be done will take time,
cooperation and perhaps, physical presence, you may want to come to our
offices, or I could go there as well…
I’ll send the documents tomorrow, around 3pm Vancouver time. Is there any
phone number where we can call you guys?
Thanks in advance
sincerely yours;
chris russo
Kate’s reply:
OK thanks Chris, I’ll watch out for your email. You have a great weekend as well.
Kate
Chris then emailed Kate back:
Hi Kate, yes, I’m doing a PDF with a plan of action (what should be done
in first instance, how we would work around it, what should be done once the
incident is totally controlled, and other additional information, all
including times and prices), and gathering all my people’s CVs as well. I’ll
email all this information to you this Monday, or earlier if it’s possible.
Have a great weekend,
sincerely yours;
chris
As we can see in the email, it textually says:
If this information goes public I am going to email every single affected user on Plentyoffish your phone number, email address and picture. And tell them you hacked into their accounts.
Then I’m going to sue you in Canada, United States of America and Britain and Argentina. I am going to completely destroy your life, no one is ever going to hire you for anything again, this isn’t piratebay and we definitely aren’t fooling around.
Right after that, there were three phone calls, which the local police are trying to recover, where he clearly said several times that Christian Russo and his people stole the PlentyOfFish user database, and he also mentioned that there was organized crime or mafias behind sites like the one he runs.
Luca Fenochietto explained to him several times that he was only reporting an error, but Mark refused to understand and kept accusing Luca. Luca said that over the phone call Mark clearly threatened him again, saying that he was going to do something, just before mentioning his connection to criminal organizations.
In conclusion:
Plentyoffish.com exposes the information of 30,000,000 users; Christian Russo reported that, and as a result gets nothing but trouble and is threatened directly by the founder, Mr. Markus Frind.
There’s a video recorded showing the vulnerability itself, and the news reporter Brian Krebs verified this vulnerability himself last week. All the communications by mail are also recorded and stored, in case they are needed.
In addition, there’s a big chance that there was a real attack on the website, which may put at risk usernames, passwords, full names, email addresses, and financial information such as PayPal accounts, credit cards, and others, of millions of users.