Hackers swan off with 42m Cupid Media passwords
A major security breach at Cupid Media, the Australian online dating service, has seen hackers walk away with 42m passwords – exposing users to the risk of identity theft.
The breach occurred way back in January this year but the full scale of the loss only became apparent when millions of client names, email addresses, unencrypted passwords and birthdays were found on the hackers server.
Cupid Media is now belatedly double-checking affected accounts to ensure that there passwords have been reset and has issued email notifications to users.
Commenting on the case Patrick Thomas, security consultant at Neohapsis, a security and risk management consulting company specialising in mobile and cloud security services, said: “Using the same password on multiple sites risks exposing that password if any sites are breached; the excellent security of one site is entirely nullified if attackers can harvest the correct password from a breach of a less secure site. Most internet users will be far better off using random, unique passwords simply writing them down, or taking advantage of password vault programs that help generate and store passwords.”
Eric Chiu, president & co-founder of HyTrust, the cloud infrastructure control company, added: “Companies are obligated to protect private customer data, intellectual property and regulated information. Organisations should secure the data itself through automated encryption as well as control administrator access to systems containing sensitive data by implementing fine-grained access controls and role-based security. Bottom line, companies should assume the bad guys are already on the network, taking an ‘inside-out’ approach to security.”