and asked them to reset their passwords . `` Looking for a practising single Muslim ? Look no further . We have over 100,000 members , '' PureMatrimony.com reads . Apart from a focus on a specific demographic , Pure Matrimony works very much like any other dating site , and has a free sign up process . Motherboard obtained a list of some 120,000 hashes—a string of characters that can represent a user 's password—that w ere dumped Attack.Databreachon a password cracking forum , and that appear to relate to Pure Matrimony . They were hashed with the weak MD5 algorithm , meaning that hackers could likely o btain Attack.Databreachmany real passwords from them . Indeed , several users on the forum had seemingly successfully cracked a number of the hashes . Many of the hashes , when translated to plaintext versions , read `` purematrimony , '' or `` purematrimony1 , '' for example . The posted data did not include any other account information , such as email addresses or usernames . `` Customers have already been notified of the incident via email , '' a Pure Matrimony representative told Motherboard in an email . `` Customers have been notified to change their passwords on their profile accounts as well as any other places online where they may have used the same password . '' The company claimed that Pure Matrimony 's site had not been hacked , but believes a vulnerability in a third party service provider may be to blame . Motherboard could not independently verify this claim . `` Our team have taken advice from two separate independent security consultants to ensure that we are doing everything possible to secure our data and protect our members . Aside from the additional security measures and moving our website to a new server , we have informed members and also logged this with the ICO [ the UK 's Information Commissioner 's Office , which upholds data protection in the country ] , '' the representative added . Last year , Motherboard reported on a d ata breach Attack.Databreachof another Muslim dating site , Muslim Match . In that case , hackers managed to g rab Attack.Databreachthe full content of messages between members . The lesson : As Pure Matrimony advises , users should change their passwords , and especially on sites where they used the same login details . But it 's not clear how successful a hack might be at breaking into other accounts , since the the data did not include usernames or email addresses .
In one of the more bizarre d ata breaches Attack.Databreachto surface recently , hackers made off with 6 million accounts for CashCrate , a site where users can be paid to complete online surveys , according to a database obtained by Motherboard . In short , CashCrate connects users to companies that need people to test new products and services , or take part in daily surveys in exchange for cash . The data includes user email addresses , names , passwords , and physical addresses . Judging by timestamps in the stolen database , the earliest accounts date way back to 2006 , and come with full passwords . If a user signed up to another service with the same password , hackers could a ccess Attack.Databreachthe victim 's account on another site , as well as their CashCrate account . Accounts from mid 2010 onwards appear to have passwords hashed with the notoriously weak MD5 algorithm , meaning that hackers may be able to crack the hashes and o btain Attack.Databreachthe real login credentials . For-profit breach notification site LeakBase provided Motherboard with a copy of the CashCrate data . To verify that the data was legitimate , Motherboard attempted to create accounts with random email addresses included in the data . In every instance , this was not possible , because the email was already linked to an account on CashCrate . As an indication of CashCrate 's approach to cybersecurity , the site does not use basic web encryption , including on its login page , meaning that credentials could b e exposed Attack.Databreachto anyone in a position to i ntercept Attack.Databreachthem . `` We 're in the process of notifying all our members about the breach . While we 're still investigating the cause , at this point it appears that our third-party forum software w as compromised,Attack.Databreachwhich led to the breach . We 've deactivated it until we 're confident it 's secure , '' a CashCrate spokesperson told Motherboard in an email . `` We have also confirmed that any users who have logged in since October 2013 have passwords that are fully hashed and salted , and we 're looking into why some inactive accounts have plaintext passwords . Those will be hashed and salted immediately , '' the spokesperson added . The lesson : We all sign up to odd or random websites . If possible , it may be worth using a different email address for these more leftfield sites , or even creating dedicated addresses for each . That way , when a breach does occur , any fallout will be mitigated , and hopefully limited to only one or a few sites . That , and you should use a unique password for every site too .