Beautifulpeople.com, an elite dating website for the exclusively good looking, has reportedly been hacked with private data of more than 1 million users up for sale.
The breach leaked information such as addresses, sexual preferences and incomes, as well as millions of private messages, sold online by the hackers.
Forbes news website said that according to security expert Troy Hunt, Beautifulpeople.com was originally hacked in December, when the breach appeared to be confined to a database of test accounts but the data of real users is now being traded online.
A lot of different details are reportedly included in the leak, among them education, phone numbers and location data.
More damaging, however, can simply be the existence of a profile on a dating website, especially for those who may not want their existence made public. Hunt said that the email addresses in the leak included 170 ending in “.gov”, meaning US government employees used their work email addresses to sign up.
There are also 170 .gov email addresses in the Beautiful People breach. I keep seeing a heap of gov stuff where it probably shouldn’t be…
— Troy Hunt (@troyhunt) April 25, 2016
Beautifulpeople.com claims to exclude unattractive people by having existing members rate those trying to sign up. Prospective members must pass a certain ratings threshold to be allowed on the website: millions have been denied access, the company says, while thousands of members have been removed for gaining weight after joining.
The site claims to be “the largest dating community of attractive people in the world” and to have spawned 700 marriages.
It says several members have been “discovered” on the website and gone on to jobs in TV or modelling. In 2011, it claimed that a “Shrek” virus had allowed thousands of unworthy people to join the website, although this was dismissed as a publicity stunt.
Ashley Madison, also a dating website but exclusively for married people looking for affairs, was hacked last year, embarrassing thousands.
Beautifulpeople.com reiterated a statement from December about the hack being limited to a test server but has not commented on claims the leak was wider than that.