Advice to online dating customers of Cupid Media following breach: SSO Alert Priority High
22 November 2013
Users of online dating website Cupid Media are advised that a breach of its customer data, from as far back as January 2013, has been discovered, involving as many as 42 million customer records.
The records stolen include customer names, email addresses and unencrypted passwords.
The stolen data was discovered in November 2013, in the same location where data dumps from other recent breaches were found, including the recent Adobe breach.
Cupid Media has indicated it initially took action following the January breach to reset customer passwords and introduce password encryption, but following the current publicity, it has stated it is now, “double checking that all affected accounts have had their passwords reset and have received an email notification.”
Cupid Media also indicated that the 42 million records likely included old and inactive user accounts.
If you use Cupid Media, you are advised to change your password.
If you use similar log on information for other online services, you should also change these – ensuring they are unique.
It was quickly revealed that nearly 2 million accounts for Cupid Media used the weak and easily guessed password, “123456”.
As with other large scale breaches such as the Adobe breach, the likelihood of people reusing their password on other services is also, unfortunately, high; and when combined with a name or email address, it is a simple matter for hackers to seek other online services where these credentials are enough to gain access.
To help avoid this, Facebook representatives have also indicated it is studying the breached data and may contact any Facebook users it can identify reusing their Cupid Media passwords on Facebook, forcing them to change it. Other online services may take similar steps.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.