Russian dating site pays hacker to recover stolen emails, but don't call it a ransom
Russian dating service Topface has paid a hacker an undisclosed sum to return 20 million customer email addresses he stole -- but the company would prefer if you wouldn't refer to the exchange of goods for stolen information as a ransom, thank you very much.
The hacker is said to have made off with only the email addresses; he didn't get the passwords associated with those emails, nor did he compromise any payments data. Topface claims that it doesn't manage any of its customers' credit card information.
None of those email addresses were shared with others. The hacker simply didn't have a chance to sell them, because once Topface learned that he was planning to auction off the data, it decided to purchase the millions of email addresses itself.
Bloomberg reports that the hacker won't face any criminal charges, and Topface has decided to call the money paid out "an award for finding a vulnerability," which is what I hear negotiators call paying kidnappers not to kill any of their hostages.
On a less facetious note: It's strange that Topface won't just call this what it is. The hacker didn't discover a vulnerability in the same way professional pen-testers do when a company hires them to break into their systems and steal sensitive data.
He stole millions of email addresses. That's not much in the grand scheme of things -- there have been plenty of instances where hackers made off with credit card data over the last few months -- but pretending it wasn't theft doesn't really do any good.
Unless the company thinks its 90 million customers will actually believe that paying someone not to release their personal information wasn't a ransom, in which case, good on Topface for managing to lock in the most gullible people as its customers.
[illustration by Brad Jonas]