BOSTON (Reuters) - Topface, one of the world’s largest dating websites, said it has paid a hacker an undisclosed sum to stop trying to sell about 20 million email addresses stolen from the Russian company.
Topface Chief Executive Dmitry Filatov said the company located the hacker, who had published ads to sell the data but had not actually sold them.
“We have paid him an award for finding a vulnerability and agreed on further cooperation in the field of data security,” Filatov said in an email on Friday, declining to disclose the size of the reward.
Topface says it has some 92 million users and 1.6 million daily visitors.
Cybersecurity experts typically advise companies not to pay hackers to return stolen data, calling that a ransom and saying cyber criminals often break promises.
But Filatov noted that the ads have already been removed and Topface has agreed not to pursue charges against the unidentified individual.
“As we made an agreement with him we do not see any reason for him to break it,” said Filatov.
Atlanta-based fraud protection firm Easy Solutions disclosed the hack on Sunday, reporting on its blog that a hacker known as “Mastermind” was attempting to sell 20 million credentials for an unnamed dating site.
The security firm had warned the credentials might be used to access accounts on other sites because people frequently use the same passwords for multiple accounts.
It said the data included 7 million credentials from Microsoft Corp’s Hotmail service as well as 2.5 million from email accounts with Yahoo Inc and Google Inc.
Only email address had been stolen, Filatov said. “There was no access to other information - neither passwords, nor content of the accounts.”
Reporting by Jim Finkle; Editing by Richard Chang