Cupid Media hack exposed 42m online dating passwords


Up to 42 million people’s unencrypted names, dates of birth, email addresses and passwords were stolen by hackers who broke into a company that runs niche online dating sites.

Cupid Media, which runs niche online dating sites such as, and, was hacked in January but did not admit to the break-in until it was exposed by security researcher Brian Krebs.

Cupid Media is not connected to OkCupid, a US dating site.

The data stolen from Cupid Media, which runs 35 dating sites in total, was found by Krebs on the same server that housed user data stolen from Adobe, which disclosed its breach earlier in November. But unlike Adobe, which used some encryption on the data, Cupid Media kept user data in plain text. As well as passwords, that includes full names, email addresses and dates of birth.

Cupid’s managing director Andrew Bolton admitted to Krebs that the breach had occurred in January 2013. At the time, “we took what we considered to be appropriate actions to inform affected customers and reset passwords for a specific selection of user accounts,” Bolton said. “We are in the process of double-checking that all affected accounts have had their passwords reset and have received an email notification.”

But like Adobe, Cupid has only notified active users who are affected by the data breach.

In the case of the software giant, there were more than 100m inactive, disabled and test accounts affected, in addition to the 38m to which it admitted at the time.

Bolton told Krebs that “the number of active people affected by this event is dramatically lower than the 42 million which you have previously quoted”. He also confirmed that, since the breach, the company has started encrypting passwords using techniques called salting and hashing – an industry-standard safety measure which renders many leaks harmless.

Jason Hart of SafeNet commented: “The real impact of the breach will be huge. Yet, if this data had been encrypted in the first place, then all hackers would have found is scrambled information, making the theft useless.”

He added: “A lot of companies shy away from encryption because of fear that it will be either too expensive or complicated.

“The reality is that it doesn’t have to be either. With hacking attempts becoming almost a daily occurrence, it’s clear that being breached is not a question of ‘if’ but ‘when’. Although their motives may be different, a hacker’s ultimate goal is to gain access to sensitive data, so companies must ensure they are taking the necessary precautions.”

He suggested that too many in security are “holding on to the past” in their security strategy by trying to prevent breaches instead of safeguarding the data.

As with other breaches, analysis of the leaked data provides some interesting information. More than three quarters of the users had registered with either a Hotmail, Gmail or Yahoo email address, but some addresses hint at more serious security concerns. More than 11,000 had used a US military email address to register, and around 10,000 had registered with a US government address.

Of the leaked passwords, almost two million picked “123456”, and over 1.2 million chose “111111”. “iloveyou” and “lovely” both beat out “password”, and while 40,000 chose “qwerty”, 20,000 opted for the bottom row of the keyboard instead – yielding the password “zxcvbnm”.
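
The salting and hashing mentioned above, and the password counts in the last paragraph, can be tied together in a short sketch. This is an added example, not code from Cupid Media or from the article; the scrypt cost parameters, the record format and the sample accounts are assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

# Passwords the article names as the most common in the leaked data.
COMMON_PASSWORDS = {"123456", "111111", "iloveyou", "lovely",
                    "password", "qwerty", "zxcvbnm"}
# scrypt cost parameters: assumed values, tune them to your own hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32


def is_denied(password: str) -> bool:
    """True if the password is one the leak showed to be trivially guessable."""
    return password.lower() in COMMON_PASSWORDS


def hash_password(password: str) -> str:
    """Return 'salt_hex$digest_hex', with a fresh random salt per account."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=N, r=R, p=P, dklen=DKLEN)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def shared_values(column: list[str]) -> int:
    """Count rows whose stored value also appears in another row."""
    counts = Counter(column)
    return sum(c for c in counts.values() if c > 1)


# Constructed sample accounts, not data from the breach.
SAMPLE = [("alice", "123456"), ("bob", "123456"), ("carol", "tr4m-Ledger-owl")]

if __name__ == "__main__":
    plaintext_column = [pw for _, pw in SAMPLE]
    hashed_column = [hash_password(pw) for _, pw in SAMPLE]
    print("rows sharing a value, plaintext:", shared_values(plaintext_column))
    print("rows sharing a value, salted hashes:", shared_values(hashed_column))
    print("denied at signup:", [u for u, pw in SAMPLE if is_denied(pw)])
```

With per-account salts, identical passwords no longer produce identical stored values, so a stolen table cannot be tallied the way the plain-text one was. A salted hash of “123456” still falls to the first guess, which is why the denylist check belongs at signup.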