Muslim marriage site MuslimMatch has been hacked prompting the leaking of 150,000 users personal information and 790,000 private messages which have been posted online to download.
The data being leaked online includes personal information of the users such as their full name, address, employment, marital status, email and IP.
Motherboard has put together the information from the hacked user data and has correlated email addresses with private messages sent.
Sample messages retrieved from the leaked messages read below:
'AoA, could you take a look at my profile and let me know if you want to exchange emails and get you know a little more about each other Inshallah. waslaam'
'i am from bangladeshi background seriously looking for a practising sister for marriage.i am intrested in your ad and would like to discuss a marriage proposal.please call me on *************'
'salam dear sister, i just came back from tunisia and i saww that you have visited my profile many times , i like everythting on your profile and i am crazy about marvin gay but i am married and you dont want to be a second wife isnt it. best regards'
'Hi J*****, I''ve just registered with MuslimMatch.com in the last day! I was reading your profile and you sound like a really interesting guy. It would be good to get to know you (I feel quite embarassed writing this, haven''t done this before) inshallah. My nickname is D***, if you want to look through my details and if your interested in getting to know each other better - e-mail me back, it will be good to hear from you. Fi-amaan-allah Wasalaams'
The method of the hack has been assumed to be an SQL injection attack, this attack involves a direct attack on the database of the website through a search bar or any other entry field which doesn't have the necessary security. Another indication of the lack of security for the site was that the site did not have HTTPS, which is added security highly recommended for sites asking for user data.
The data was released by TheCthulhu, a known hacker and privacy activist, the reasoning behind the attack was not an attack towards Muslims but it was a hack to further improve the security of websites holding personal data.
The website started in 2000 as a marriage service for Muslims, their description on Facebook reads, "The 100% Free Marriage Service :: Single, Divorced, Widowed, Married Muslims :: Coming together to share ideas, thoughts and find a suitable marriage partner". The marriage site has users spanning from locations including Pakistan, Middle East, UK and USA, none of whom have been safe from the hacked user data.
MuslimMatch has not made a public statement regarding the sites hack but they have left a message on their website stating they are currently down for the month of Ramadan.