On March 25, 2012, lulzboatR (LulzSec Reborn) released over 160,000 accounts containing emails and passwords hashed with unsalted MD5 obtained from militarysingles.com, a dating site for military personnel. lulzboatR announced the release in a Twitter post at https://twitter.com/#!/lulzboatR/status/183987966232903680. The site operator, ESingles Inc., appears to have acknowledged the hack based on a comment posted at http://www.databreaches.net/?p=23736. However, they do not appear to have posted any notice on the dating site itself to explicitly inform the affected users.
In a separate Twitter post, KoreLogic Security mentioned that 93% of the hashed passwords were cracked in 24 seconds. This is possible given the fact that the passwords were hashed without salt and it is also likely that the site does not enforce the use of strong passwords either.
What should you do?
Use the search box below to find out if your email is in the list. If yes, you are advised to change your password immediately if it is still in use elsewhere. For your privacy, do not enter your complete email in the search box. Try using the first part of your email instead, e.g. example instead of email@example.com.
If you wish to have your entry removed from the list below, please send an empty email to firstname.lastname@example.org with subject "militarysingles removal request". The removal is done automatically within 24 hours if you use the same email as the one appeared in the list. This page may be cached for up to 24 hours.
|ID||Email / Username||Password|
|A valid search term is required!|