Password Optional: Huge Security Breach Hits SpeedDate
February 03, 2009 at 22:31 PM EST
Wow. Something is seriously wrong at SpeedDate , the online dating site that throws strangers into whirlwind 3 minute dates. For at least 30 minutes this evening (and possibly more), passwords were totally optional. Type in a user name (no password needed), hit "Log In", and you had access to every private message, 'flirt', and buddy list available on the user's profile. You could modify profile photos, bios, or whatever else you could find. Epic. Fail. We've verified that the issue worked with at least five different accounts. One account didn't work, the others went though without a hitch. Fortunately there isn't a whole lot of damage you can do on the site beyond read or send private messages, but as far as security breaches go it doesn't get much worse than this.