ClassPass, Gfycat, StreetEasy hit in latest round of mass site hacks

In just a week, a single seller put close to 750 million records from 24 hacked sites up for sale. Now, the hacker has struck again. The hacker, whose identity isn’t known, began listing user data from several major websites — including MyFitnessPal, 500px and Coffee Meets Bagel, and more recently Houzz and Roll20 — earlier this week. […]

In just a week, a single seller put close to 750 million records from 24 hacked sites up for sale. Now, the hacker has struck again.

The hacker, whose identity isn’t known, began listing user data from several major websites — including MyFitnessPal, 500px and Coffee Meets Bagel, and more recently Houzz and Roll20 — earlier this week. This weekend, the hacker added a third round of data breaches — another eight sites, amounting to another 91 million user records — to their dark web marketplace.

To date, the hacker has revealed breaches at 30 companies, totaling about 841 million records.

According to the latest listings, the sites include 20 million accounts from Legendas.tv, OneBip, Storybird, and Jobandtalent, as well as eight million accounts at Gfycat, 1.5 million ClassPass accounts, 60 million Pizap accounts, and another one million StreetEasy property searching accounts.

The hacker is selling the eight additional hacked sites for 2.6 bitcoin, or about $9,350.

From the samples that TechCrunch has seen, the accounts include some variations of usernames and email addresses, names, locations by country and region, account creation dates, passwords hashed in various formats, and other account information.

We haven’t found any financial data in the samples.

Little is known about the hacker, and it remains unclear exactly how these sites were hacked.

Ariel Ainhoren, research team leader at Israeli security firm IntSights, told TechCrunch this week that the hacker was likely using the same exploit to target each of the sites and dump the backend databases.

“As most of these sites were not known breaches, it seems we’re dealing here with a hacker that did the hacks by himself, and not just someone who obtained it from somewhere else and now just resold it,” said Ainhoren. The software in question, PostgreSQL, an open-source database project, said it was “currently unaware of any patched or unpatched vulnerabilities” that could have caused the breaches.

We contacted several of the companies prior to publication. Only Gfycat responded, saying it was launching an investigation. We’ll update once it comes in.

Coffee Meets Bagel goes anti-Tinder with a redesign focused on profiles, conversations

How do other dating apps compete with Tinder? By further distancing themselves from Tinder’s “hot-or-not” user interface design to focus on differentiating features — like conversation starters, commenting and richer profiles. Today, another anti-Tinder app is doing the same. On the heels of its $12 million Series B announced earlier this year, the oddly named […]

How do other dating apps compete with Tinder? By further distancing themselves from Tinder’s “hot-or-not” user interface design to focus on differentiating features — like conversation starters, commenting and richer profiles. Today, another anti-Tinder app is doing the same. On the heels of its $12 million Series B announced earlier this year, the oddly named app Coffee Meets Bagel is today announcing a significant makeover, which includes a change to the way the app works.

Its cleaner, lightweight and more modern design does away with bright, competing colors and other outdated features, the company says. But more notably, it has ditched the big “Pass” or “Connect” buttons — its earlier variation on Tinder’s “like” and “dislike” buttons, which nearly all dating apps have now adopted.

Instead, Coffee Meets Bagel’s new interface puts more emphasis on user profiles — showcasing more of the text, and giving users the option to “heart” the profile or now, even comment.

Before a match takes place, users can tap a new commenting button that allows them to respond to the user’s profile directly, before making a connection. This could help potential matches break the ice or even spark a connection that may not have otherwise happened.

The feature is similar, to some extent, to the commenting feature in Hinge, a relationship-focused app that allows users to directly comment on some aspect of another user’s profile.

Coffee Meets Bagel says that during its beta testing, members who sent comments to their matches had a 25 percent higher chance of getting liked back. And when comments led to conversations, there was a 60 percent increase in total messages exchanged.

Focusing on enabling better conversations is a good way for other dating apps to combat Tinder, which leaves communication up to the users to initiate, without much guidance. This leads to inboxes filled with “hi’s” and nothing much else to say. By integrating commenting into profiles, however, users will be prompted to start conversations based on something they’ve read — allowing people to connect based on more than just their photos.

The app has also revamped its Discover and Suggested sections to offer seamless scrolling and better navigation, respectively. These sections are less cluttered than before, too, in keeping with the more minimalist spirit. Even the Coffee Meets Bagel logo has gotten a makeover, where the C and B now meet in the shape of a heart.The company’s anti-Tinder stance is shaping up in its social content, too. While Tinder has more recently embraced hook-up culture and the single life with its online publication “Swipe Life,” CMB is instead creating content that’s more inspiring, it says.

“We’re taking a stance against online dating conventions, like ghosting and treating people like profiles. We’re expanding the conversation to the self: self-reflection, self-discovery, and self-love,” the company explains in its announcement.

Coffee Meets Bagel has raised just under $20 million since launching back in 2012, but it’s faced threats from Tinder, which has challenged its model head-on with Tinder Picks — a curated selection of matches for Tinder Gold subscribers, similar to Coffee Meets Bagel’s curated daily picks.

The company’s app has close to 7 million installs to date, according to data from Sensor Tower, and more than $25 million in gross revenue. The revenue is growing over time, the firm also found, with users spending approximately $900,000 in the app last month, up 30 percent from November 2017.