Topface conducted an investigation of 20 million users email addresses leakage. The audit has identified a vulnerability through which the hacker could get an access to e-mail addresses of our users. Regarding the character of the leak ( we are talking about email addresses only) there was no access to other information — neither passwords, nor content of the accounts (private correspondence or photos). Due to the fact that we do not store any billing information of users, and authorisation of more than 95% of accounts are going via social networks, we are confident, that third parties could not get any additional data of users. Nevertheless, we have already notified the part of our users who use e-mail as a login for preventive change of a password.

We also were able to find and contact the hacker who published (and then deleted them) the ads with an offer to sell email database. He has confirmed the findings of our investigation and has made an agreement with Topface for no further distribution of acquired email addresses database. Due to the fact that he has not passed the data to anyone and has no intention to do so in the future, we will not accuse him, moreover, we have paid him an award for finding a vulnerability and agreed on further cooperation in the field of data security. Also, we would like to thank fraud-detection software-maker Easy Solution Inc., who has first discovered posting by the hacker on the forum and has helped us in our investigation.

Despite the fact that we are confident in the absence of any effects of the incident for our user, we are sorry for the inconvenience caused and applying notably improved data protection system on the service.