UPDATE: Thanks to the Hacker News community for voicing their criticism and making some great points on web security and password management. The debate continues on Hacker News.
Last week Plenty Of Fish got hacked and a big drama ensued after Markus Frind, its founder and CEO, wrote a long, rambling article accusing a 23-year-old Argentinean hacker, Chris Russo, of extortion and of harassing him and his wife.
Markus's blog post caused what now seems to be the worst PR nightmare any company could dream of.
Instead of getting compassion and support from his readers, he was heavily ridiculed and made fun of by hundreds of commenters and web publications across the Internet.
Why? Apparently it is not unusual for hackers to expose security vulnerabilities as a hobby or as a business, but what is not normal or remotely acceptable is for any self-respecting website, especially one the size of Plenty of Fish, to store millions of its users' passwords in plain text, that is, not encrypted.
Not only is this a monumental lack of consideration for his users' privacy, but it is an unforgivable security issue that no one with even the most basic web security training could have allowed to happen.
One must assume that every website will eventually get hacked, and therefore must ensure that once the data is exposed, the potential damage is minimized as much as possible.
The main concern should be users' privacy, and with that comes their passwords. Unfortunately, a great many people use the same password for many of their online accounts. It is not safe, but it is practical, and no matter how much we are told not to do so, people will keep doing it.
Knowing this, the least a developer can do is encrypt all the user passwords, so that in the event of a hacker gaining access to the database, the hacker will only expose unusable information.
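To make the "unusable information" point concrete, here is an added example (not code from the original post or from Plenty of Fish) in Python that builds the same users table both ways and then simulates the breach scenario: an attacker reads the stored value straight out of a dumped table and tries it as the password. It uses a salted, slow one-way hash (PBKDF2-HMAC-SHA256 from the standard library) rather than reversible encryption; the sample accounts and passwords are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts for the demonstration; not data from any real site.
SAMPLE_USERS = {
    "alice@example.com": "correct horse battery",
    "bob@example.com": "hunter2",
    "carol@example.com": "hunter2",  # same password as bob, to show the effect of salting
}

# Work factor for PBKDF2-HMAC-SHA256 (OWASP's current recommendation is 600,000).
PBKDF2_ITERATIONS = 600_000


def hash_password(password, salt=None):
    """Return a self-describing record: pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>.

    A fresh random salt per password means two users with the same password get
    different records, so a leaked table cannot be cracked with one precomputed table.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, record):
    """Recompute the hash with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# --- Two ways of building the users table ---------------------------------

def build_plaintext_table(users):
    """What the post describes: the password itself is the stored value."""
    return dict(users)


def build_hashed_table(users):
    """The standard alternative: only a salted, slow hash is stored."""
    return {email: hash_password(pw) for email, pw in users.items()}


def login_plaintext(table, email, password):
    stored = table.get(email)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


def login_hashed(table, email, password):
    stored = table.get(email)
    return stored is not None and verify_password(password, stored)


def leaked_value_logs_in(login_fn, table, email):
    """Simulate the breach: an attacker reads the stored value out of a dumped table
    and tries to use it as the password for that account."""
    return login_fn(table, email, table[email])
```

With the plaintext table the dumped value is the password, so `leaked_value_logs_in` succeeds for every account; with the hashed table the dumped record verifies against nothing, and bob's and carol's identical passwords produce different records because each gets its own salt.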
So is Markus that big of a moron? I don't think so. He may have some emotional issues, as can be seen from reading his post, but he is not a total idiot. A person who single-handedly was able to create the largest online dating empire on the Internet can't be that stupid.
I think Markus is a genius, a nerd, a geek, a hacker himself; maybe not the best programmer, but definitely one of the very few people in the history of the Internet to pull off such a feat all by himself.
As one can see from reading his blog, he is not shy about telling the world how good he thinks he is.
Back in the day he went as far as posting a huge Google Ads cheque made out in his name from advertising revenue earned through his website.
Nope, Markus is no fool, so if he stores passwords in plain text it is for a reason, and a good one indeed.
That reason is probably just one of the many that have made POF as successful as it is today.
The main reason is to boost user retention. This works in two ways.
Every so often, POF sends you an email with your password so you don't forget it.
This accomplishes two things at once. For one, it acts like a newsletter: it reminds you that POF exists and that you should go there.
Although many people use the same password for all their accounts, there are also many who use several passwords and have difficulty remembering them.
So if you forget your password, it is far more likely that you will not log back in to a website. Yes, you can go through the recovery process, but that takes time, and we are lazy.
It is much smarter to keep reminding you of your password, and that is exactly what Markus does.
According to Markus himself, most people sign up for two or more online dating sites.
Which one will you be more likely to go back to? Well, the one that makes it super easy to remember your password, and, yes, the cheapest one. POF is free!
So there you go. What is more likely: that a guy who has built the largest free dating site in the world is a moron, or that his ambition overrules any concern for his users' privacy? Occam tells us the latter is more likely.
Not only that, Markus has admitted that keeping pictures' aspect ratios all wonky is great for increasing ad revenue, as people are forced to click on the pictures to view them properly.
Or the fact that it is almost impossible to cancel your POF account, so even years after finding your true love you keep getting those hot weekly matches every Monday.
No siree, our highly polemical and at times seemingly deranged interweb lord of the e-date realm is no fool.
The funny thing is that I am willing to bet this self-imposed PR chaos may only help his site become even more popular.
Many would sell their souls to the mockery devils in exchange for Markus's 6 million love-seeking uniques a month, no doubt.
Yah, and you can enter and leave a car much (!!!) faster if you don't fasten your seatbelt. Imagine even getting rid of this stupid children's seat!!!
OMG!!!
“Nope, Markus is no fool so if he stores passwords in plain text is for a reason, and a good one indeed.”
If he’s no fool then he clearly doesn’t give a shit about security.
I’d stick with fool, personally.
Having need of the plaintext password simply means you need to store it encrypted instead of hashed. Plain text is still a no-no.
I’m having serious difficulty deciding which is more stupid, storing passwords in plain text or your arguments supporting that practice.
This is nonsense. Also, you don’t ‘encrypt’ passwords — encryption is reversible. You always use a hashing algorithm (preferably bcrypt). Lastly, proof-read.
Trivial fix: send out the periodic emails you describe, but just include a link saying “Forgot your password? Follow this link!” This effectively makes every email a Password recovery email. Same effect, no plaintext passwords.
Great article, though plain text passwords, no matter the "usability" they provide, are a definite NO.
If you send your users their passwords in plain text, any hacker with access to their email (cookies), or who even gets hold of their iPhone/Android for two minutes, will have easy access to the plain text password for a later date.
If POF wants this usability:
1# Make a temporary token to login via a click of a link in their email
2# Part encode password, 50% plain text, 50% hashed.
The users are not to blame in this, and need better password security. Behind your back, any forum, any webmaster can steal your password without you knowing.
P.S. Markus Frind is an idiot for ridiculous accusations at Chris Russo.
Here’s a better solution to emailing people their passwords, email them a nice big button that says “login now!”, the link for which contains an authorisation token with a short shelf life or even just a single use. This has its own privacy concerns, but I think it’s a good trade off.
Your argument is a non-sequitur: the requirement of sending password reminders does not mean the data needs to be stored unencrypted.
Nice attempt at apologism, but it doesn’t wash. While that is an interesting feature, it is a security hole in itself, since passwords are being leaked constantly on the Internet (email is in the clear, remember?).
But let us suppose that matters not and conjure a simple architecture that would serve that purpose and also show that yes, Markus messed up big time.
1. Accept password
2. Immediately send password to two places: a) hashed to the web authentication system (was), b) cleartext to the nuisance email system (nes)
3. The was is connected to the web server, one way or another, so that if the system is hacked, there is a danger of the was being accessed, but since the passwords are hashed, no big deal.
4. The nes is not connected to the web server, but runs separately, with no direct path from the web server to the nes, so if the web server is hacked, no nes access.
I’ve left out the implementation details – this is a comment, not a post, duh – but having web-inaccessible systems for management of sensitive information is so standard a practice as to be within the reach of anyone who cares at all for the security and privacy of their users.
What Markus did was wrong and suggests a lack of care.
Reducing the barrier to (repeat) entry does not justify lax security such as this. It's like saying "let's not do backups, they take too much time and effort – let's increase the efficiency of our startup by not wasting time on backups."
Based on your post, it seems POF are doing the same thing – let’s not bother with security – let’s be more user friendly instead. It’s only a matter of time…
"user retention" sounds like a strange attribute for "dating site", but obviously I may have a conservative minded mind for personal relationships. Obviously somebody joins a dating site for ever, and ever, and ever.
… are you censoring comments b/c they show how stupid your article is? great style!!!
So you’re saying it’s a “feature”?
There’s got to be a better way.
If someone really wants back onto a site after long enough of a time that they can’t remember their password, they’ll do what we all do — either use some sort of “I Forgot My Password” link or just make a new account.
Great idea. Store plain text passwords, in order to make it easier to send them via insecure email.
Even if you want to send users their password via email (bad idea), you could still store them with 2 way encryption. But having a one time login is a better idea.
Um, even if he encrypts passwords, he can still send out easy-to-click, auto-expiring links to users with a parallel authentication token that is not their password. He can even throw in a nice, big “reset your password” link at the top if this is really the use case behind his plaintext passwords.
So, sorry – there is no excuse for storing user passwords in plaintext.
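The auto-expiring, single-use login link that several commenters above propose in place of emailing the password, as an added Python example that is not code from the original page, from Plenty of Fish or from OKCupid. The server keeps only a SHA-256 fingerprint of each token, so even the table of outstanding links is useless if dumped; the token itself lives only in the emailed URL. The URL, the 15-minute lifetime and the `now` parameter (passed explicitly so expiry can be exercised without waiting) are assumptions made for the example.

```python
import hashlib
import secrets
import time

# Constructed value for the example: a link is usable for 15 minutes after it is sent.
TOKEN_TTL_SECONDS = 15 * 60


class LoginLinkStore:
    """In-memory stand-in for the server-side table of outstanding login links.

    The raw token travels only inside the emailed link. The table keeps a SHA-256
    fingerprint of it, so a dump of this table (the breach scenario in the post)
    yields nothing an attacker can paste into a URL.
    """

    def __init__(self):
        self._pending = {}  # fingerprint -> (email, expires_at as unix time)

    @staticmethod
    def _fingerprint(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, email, now=None):
        """Create a fresh token for `email` and return it for embedding in the link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not guessable
        self._pending[self._fingerprint(token)] = (email, now + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token, now=None):
        """Return the account email if the token is valid, otherwise None.

        The entry is popped before any check, so a token can be used at most once,
        and an expired one is discarded rather than left in the table.
        """
        now = time.time() if now is None else now
        entry = self._pending.pop(self._fingerprint(token), None)
        if entry is None:
            return None
        email, expires_at = entry
        if now > expires_at:
            return None
        return email

    def stored_fingerprints(self):
        """What an attacker would see in a dump of this table: hashes, not tokens."""
        return list(self._pending)


def build_login_link(token):
    # Hypothetical URL; the real site's login route is not given on the page.
    return "https://example.invalid/login?token=" + token


def reminder_email_body(email, token):
    """The periodic reminder email, carrying a login link instead of the password."""
    return "Hi %s, come back and see your matches: %s (this link works once and expires in %d minutes)" % (
        email, build_login_link(token), TOKEN_TTL_SECONDS // 60
    )
```

`issue` is called when the reminder email is generated and `redeem` when the link is clicked; a second click, a click after the lifetime has passed, or a made-up token all return `None`, and the only thing the server ever persists is the fingerprint.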
There is absolutely no reason anyone should be storing plain text passwords; it’s a massive security breach as you have mentioned above.
Now, not only are POF having a potential security breach on their website, if I were a member they are causing a security breach on MY OWN COMPUTER by emailing me my password in plain text!! Up until the point that POF were to email me my password, it existed ONLY in my own head which is incredibly hard to hack. Sure if I were to sign up to POF, then they are now storing my password on their (probably pretty secure (although not that secure since it was hacked)) server. But emailing it to me puts it at risk from any nasty viruses which may be monitoring my inbox for the keyword “Password”.
Sending a newsletter doesn’t need to include a password to indicate that the site “still exists”. And the fact that they do is irresponsible and reckless.
OKCupid solved the same problem by using the quick-login links in their e-mails. You just click the link and you’re automatically logged in. No need to show users the password or store it as plain text.
What's the connection of sending the user email through a newsletter?! Just as he (was supposed to) encrypt the password in order to store it in the DB, he also needs to decrypt it in order to validate users' login to the system, so he can decrypt it as well when he wants to send the newsletter with the password.
I don’t get your logic.
You give Markus too much credit. If most people use the same password as you say, why do they need reminding?
Ok, so not only do they store plaintext passwords in their database, they send out millions of plaintext passwords over an unencrypted medium to be stored in someone’s inbox.
No one, even yourself should ever see your password written out as anything but dots or stars. We have long established the right way of doing things and there’s no way to justify doing it otherwise. Besides, why should even he be able to see everyone’s passwords knowing how often people reuse them?
lookinginchas is cheating on me, his wife and three children , all devastated. I wish someone would help me get his password.