How to hack your partners or friends Plenty of Fish account

When I received my weekly "Matches" from Plenty of Fish, I discovered a way to hack someones Plenty of Fish account. Here is a tutorial on how to hack someones Plenty of Fish account and see what they are upto (if they are your partner, friend etc). This tutorial is meant to demonstrate the poor security of Plenty of Fish, as it seems they store a users password in the clear or in a way that their system can retrieve the users password. The proper way (from what Steve Gibson of Security Now) has taught me is to hash the password so that you can't retrieve it and if you have forgotten your password, you will have to have a new one sent to you as the system is unable to retrieve your old one.

  1. Go to computer of your partner while they are logged into their user account (and not at their computer)
  2. Open their e-mail client (or web e-mail if they have enabled auto login)
  3. Search for an e-mail from "Customer Care" with the Subject line "Username New Matches for Month day" Example March 11
  4. Open the e-mail and it will read like this
    Hello username,

    Thank you for signing up on 8/12/2009 12:52:51 AM.
    Remember your password is users password.

  5. login into using the username and password provided in the e-mail Plenty of Fish sent them.
  6. Snoop around their account. change their profile, spy on them do what ever you want.