A controversial dating website that restricts its membership to “beautiful people” has had the personal details of over 1.1 million members leaked online, according to a report by Forbes.
The sensitive data from Beautifulpeople.com included names, addresses, sexual preference, phone numbers, relationship status, email addresses and 15 million private messages that were passed between the site’s customers.
Forbes was informed of the leak in December 2015 by Chris Vickery, the MacKeeper security researcher who was also responsible for discovering the Mexican voter leak reported yesterday. At the time, the dating website said the data came from a test server, and no user details had been compromised. The server was locked up, and the incident didn’t appear to be serious.
It’s now claimed, however, that the leaked information is real user data that has been traded among cyber criminals. The revelation comes from Australian security expert Troy Hunt, who runs HaveIbeenPwned.com, where people can check the data from some of the biggest online leaks in recent years to see if it includes their information. Hunt said he was handed the info by a contact who operated in “data trading circles.”
Other member information contained in the leaked database included weight, height, job, education, body type, eye color and hair hue. There was also location data (longitude and latitude), smoking and drinking habits, interests and favorite TV shows, movies, and books.
While all cybercrimes are reprehensible, this latest incident does bring to mind the Ashley Madison breach, which saw the details of 37 million cheaters posted online. The misfortune of a website that boasted about denying access to 1.8 million “ugly people” is definitely eliciting feelings of schadenfreude in many people. Beautifulpeople.com regularly culls thousands of members every year for gaining weight and aging.
In a statement to the Daily Mail, the site said: “There has been no new breach of our system. This vulnerability was widely reported in November of 2015 with 35,000 vulnerable MongoDB servers affecting businesses large and small. The data said to be accessible on the 'dark web' is the same data as the two security researchers accessed and downloaded in the December 2015 breach.”
“All impacted members are, of course, being notified once again. The data does not contain any credit card information and user passwords are encrypted. The privacy and security of our members is of paramount importance to us and this matter is being investigated.”
Forbes asked two members of the site if they had been warned about any security issues in December. They had not.