According to reports by several Russian news agencies last week, offers to buy a database containing the client details of the Mamba.ru virtual dating agency were distributed throughout the Internet via spam. The agency denied there had been any leak, however, saying the reports were part of a “dirty tricks" campaign.
SecurityLab, a well-known site in the Russian segment of the Internet, published the initial report stating that the private database of the virtual dating agency Mamba.ru was freely available. An unsolicited offer to buy the database was delivered to an employee of the Web site in the form of a spam message. The message offered access to the photographs, contact details and intimate messages of over 5 million of the agency's subscribers, who allegedly include “politicians, businessmen, showbiz stars, sportsmen and millions of ordinary people," for the period 2004-2005.
News of a leak at Mamba.ru was published by a number of Russian sites, but disappeared from some a few days later. This may have been as a result of an official statement released by the dating agency in which it described the news of a leak as a “dirty tricks campaign". Mamba's press release refuted “the rumours on the Internet of a supposed information leak from the company's database of subscribers."
The evidence provided by the agency to back up its claim was based on logical reasoning: the size of the allegedly leaked information amounted to 10 GB, but, according to Mamba, just one of its photographs takes up significantly more than 10 GB. Mamba's statement also pointed out that subscribers are not allowed to provide their telephone number or any other form of contact information on the agency's application forms.
“Whether this mysterious leak took place, or not, can easily be cleared up if someone who has received this advert makes a 'test purchase' of the database. At least then the journalists would have something to talk about," explains Denis Zenkin, marketing director at InfoWatch.
Mamba's executive director was also keen to point out that access to the database was restricted to a limited number of employees, ruling out the possibility of an insider causing a leak. He reiterated the view that the incident was probably linked to a campaign to discredit the company and that the absence of any real contact information should have been sufficient to disprove the claims of those selling the alleged database.
However, despite the high-level of protection afforded the private details of Mamba's subscribers, the dating agency still includes a clause in its service contracts stating that the company is not responsible for any loss of information or damage caused as a result of using the site.
“Of course, no amount of 'restricted access' will save a database from leaks. The clause in the contract declaring that that the agency is not responsible for any data being lost means that the management is by no means certain about the high level of security mentioned in the press release. I hope that the federal law 'On personal data' eventually puts an end to this kind of disorder," adds Denis Zenkin.
