Password Optional: Huge Security Breach Hits SpeedDate

Jason Kincaid
TechCrunch.com
Tuesday, February 3, 2009; 5:31 PM

Wow. Something is seriously wrong at SpeedDate, the online dating site that throws strangers into whirlwind 3-minute dates. For at least 30 minutes this evening (and possibly more), passwords were totally optional. Type in a user name (no password needed), hit "Log In", and you had access to every private message, 'flirt', and buddy list available on the user's profile. You could modify profile photos, bios, or whatever else you could find.

We've verified that the issue worked with at least five different accounts. One account didn't work; the others went through without a hitch. Fortunately there isn't a whole lot of damage you can do on the site beyond read or send private messages, but as far as security breaches go it doesn't get much worse than this.

We've confirmed the problem with SpeedDate, who say it is now fixed (we held the story until they could address the issue to avoid further exploitation). SpeedDate says that the issue only affected a subset of users, though the number of accounts affected seems to have been substantial.

This isn't the first time SpeedDate has been in hot water with users. Last year the site acquired a number of Facebook applications unrelated to dating, only to convert them to SpeedDate apps without the consent of users. It was also temporarily banned from Facebook entirely.

Thanks to Reece Schofield for the tip.



© 2009 TechCrunch