How do you express your love online? Not by storing 42 million passwords in plain text and hiding the fact that you were hacked from your customers who are looking for love. The breach of Cupid Media, which has more than 30 niche online dating websites, allowed hackers to harvest personal details like names, addresses, dates of birth and passwords from 42 million accounts.
Krebs on Security reported that the personal details hauled away from the Cupid Media intrusion were found on the same web server “where hackers had amassed tens of millions of records stolen from Adobe, PR Newswire and the National White Collar Crime Center (NW3C), among others.”
Security journalist Brian Krebs, who could find no record of the Cupid Media hack, reached out to the company and was told by Andrew Bolton, Cupid Media’s managing director, that the breach occurred in January 2013. “In January we detected suspicious activity on our network and based upon the information that we had available at the time, we took what we believed to be appropriate actions to notify affected customers and reset passwords for a particular group of user accounts. We are currently in the process of double-checking that all affected accounts have had their passwords reset and have received an email notification.”
Bolton stated, “Protecting our customer’s privacy and data is important to us and we will continue to make additional investments in improved security for our members.” He added that the company is committed to investigating the breach, blah blah blah, followed by more PR-speak that stinks like cow manure when you consider Krebs’ report is the first we’ve heard of this huge hack.
After Krebs mentioned the unencrypted passwords, Bolton had the audacity to suggest Krebs might have “illegally accessed” member accounts. The company says it has more than 30 dating sites with over 30 million members, but that 42 million is an inaccurate number of members as the records included inactive or deleted accounts. Yes, well, inactive or not, tell that to the people who reuse the same password on other sites.
Storing passwords in plain text is pitiful, but so are the awful password choices. Krebs found that more than 10% of Cupid’s users had one of the top 10 passwords. The top three numeric passwords were “123456” used to protect over 1.9 million accounts, “111111” used on more than 1.2 million accounts, and “123456789” used over 500,000 times. The non-numerical password of “iloveyou” was used 91,269 times, followed by “lovely” on over 54,000 accounts, and “qwerty” was the password for more than 40,000 member accounts. If you use such a password, did you reuse it elsewhere? Change it now, and please try to be a bit more imaginative and secure when you create a new password. If you were a member of Cupid Media’s dating sites, then watch out for phishing emails, prepare for massive spam, and perhaps you should review “free candy” social engineering tricks.
Dudes who like this chick also liked these attractive girls
Speaking of online dating, computer scientists have come up with a new algorithm that assesses your tastes in potential mates, but only matches you to potential partners who would most likely find you attractive too. Researchers Kang Zhao, Xi Wang, Mo Yu and Bo Gao submitted “User recommendation in reciprocal and bipartite social networks -- a case study of online dating” to the 2014 conference for IEEE Intelligent Systems.
Amazon, Netflix and other big online sites recommend products based on your past purchases or browsing history, as well as recommendations drawn from other customers with a similar history. The dating recommendation equivalent is “boys who liked this girl also like these girls” and “girls who liked this boy also liked these boys,” explained MIT Technology Review. But “the problem with this approach is that it takes no account of your attractiveness. If the people you contact never reply, then these recommendations are of little use.” So the new dating recommendation engine “considers a user’s ‘taste’ in picking others and ‘attractiveness’ in being picked by others.”
After working with anonymized data from 47,000 users of a dating website, the researchers claimed their method of recommending potential dates is superior. “If a user approaches a partner recommended by [our engine], he/she will have a better chance of getting responses.” It remains to be seen if any dating sites will implement this new recommendation engine.
Hottie strangers sharing a LoveRoom
If a potential overnight partner’s attractiveness is the only thing that matters, then the recently beta-launched LoveRoom is looking to hook you up with other “singles who are ‘sharing a room’ or ‘seeking a room’ for free.” LoveRoom wants you to “rent your room to attractive people.” The site explains that “LoveRoom is a platform where people can rent their living space to other people under one condition: they need to be attractive.”
"We have over 700 users," founder Josh Bocanegra told ABC News, with most ranging in age from 25 to 35. “It's not just about sharing with complete strangers. It's about sharing with those who spark your interest, those who you might have a connection with." Safety tips on how to avoid “wacked situations” and advice to avoid creeps include “make sure your host is a hottie.” Although this is not my area of expertise, I’m fairly certain that the hotness factor doesn’t rule out psychos.
Speaking of psychos and wacked situations, here’s a cautionary and terrifying tale about a horror film producer and her cyberstalker from hell.