Russian-speaking Crooks Hacked 97, Mostly Dating-related Websites

Batches of stolen login credentials from the sites were discovered on a server by Hold Security, a U.S. company that specializes in analyzing data breaches.

The information on that server also includes a list of software vulnerabilities found on the hacked sites, along with some notes written in Russian.

The server was not password protected.

Many of the attacked sites were ones similar to the Ashley Madison infidelity site, while a few were job-related sites.

The hackers are not tied to the “Impact Team,” a group claiming credit for the intrusion into Ashley Madison.

The breached sites appear to have database errors -- called SQL injection flaws -- that, when exploited, give hackers the ability to access the systems.

The hackers essentially “are doing what security auditors would,” by externally probing websites for weaknesses, said Alex Holden, Hold Security’s founder and CTO.

It does not look like the attackers stole other sensitive data on registered users, as was the case with Ashley Madison, where dating preferences and GPS data were dumped.

The pocketed information is still valuable, however.

Usernames and passwords are useful for spamming consumers. The email addresses can also be used to blackmail members of dating sites, Holden said.