Topface, one of the world's largest dating websites, said it has paid a hacker an undisclosed sum to stop trying to sell about 20 million email addresses stolen from the Russian company. Topface Chief Executive Dmitry Filatov said the company located the hacker, who had published ads to sell the data but had not actually sold them. "We have paid him an award for finding a vulnerability and agreed on further cooperation in the field of data security," Filatov said in an email on Friday, declining to disclose the size of the reward. Topface says it has some 92 million users and 1.6 million daily visitors.
Cybersecurity experts typically advise companies not to pay hackers to return stolen data, calling that a ransom and saying cybercriminals often break promises. But Filatov noted that the ads have already been removed and Topface has agreed not to pursue charges against the unidentified individual. "As we made an agreement with him we do not see any reason for him to break it," said Filatov.
Atlanta-based fraud protection firm Easy Solutions disclosed the hack on Sunday, reporting on its blog that a hacker known as "Mastermind" was attempting to sell 20 million credentials from an unnamed dating site. Only email address had been stolen, Filatov said. "There was no access to other information - neither passwords, nor content of the accounts."