Hackers have gained unauthorized access to the personal data of users from two dating websites, CityJerks and TruckerSucker, according to cybersecurity expert Troy Hunt, founder of Have I Been Pwned, a data breach alerting website and reported first by TechCrunch.

Stolen from Casual Dating Sites

The data that was stolen from the dating websites included various personal details such as usernames, email addresses, passwords, profile pictures, sexual orientation, users' date of birth, their location, and their biographies.

Additionally, Troy Hunt discovered that the passwords were encrypted using a weak algorithm, which could potentially be broken and lead to hackers gaining access to the actual passwords.

Some of the messages and user preferences were of an explicit nature. One user mentioned their upcoming business trip to Jackson and asked if anyone was interested in meeting up, while another user expressed a preference for larger men.

In sum, the data were very sensitive and personal.

An anonymous source alerted Hunt about the breach and claimed that the data had been advertised on a hacking forum. TechCrunch independently verified the information and found that the data stolen from both CityJerks and TruckerSucker was being advertised on the forum. 

The sellers of the stolen data claimed that the TruckerSucker database contained information on 8,000 users, while the CityJerks database contained data from 77,000 users. 

Both dating websites cater primarily to the LGBTQ+ community, with CityJerks positioning itself as a platform for finding partners for mutual sexual pleasure, while TruckerSucker is geared towards "real truckers and real men." 

Hunt noted that the breach was a typical forum breach but with highly sensitive information. The stolen data includes intimate details of users' private lives, making them vulnerable to potential blackmail or identity theft. 

The fact that the passwords were not adequately encrypted could allow hackers to gain access to user accounts on other platforms, posing a risk to user privacy and security. 

Read Also: Russia and Iran State-Linked Hackers Are Increasingly Attacking Politicians, Journalists - UK Cybersecurity Center Alleges

Hackers Compromise AT&T Emails

In related news, TechCrunch reported that hackers have discovered a new method to gain unauthorized access to the email accounts of individuals who possess an AT&T email address.

These hackers are then using this access to hack into the cryptocurrency exchange accounts of the victims, stealing their digital assets. Apparently, the hackers can gain access to a section of AT&T's internal network, which enables them to produce mail keys for any user.

Mail keys are credentials that allow AT&T email users to sign into their accounts using email applications without having to use their passwords.

The hackers can then use the victim's mail key to sign into their email account and begin resetting passwords for more profitable services, such as cryptocurrency exchanges.

This allows the hackers to reset the password for the victim's Coinbase or Gemini account via email, giving them complete control over their cryptocurrency assets. The identity of the hackers behind this scheme remains unknown.

Related Article: Two Men Reportedly Conspired with Russian Nationals to Hack JFK's Taxi Dispatch System