The hack happened earlier this year and was only detected after the site started seeing “suspicious activity,” but it appears no one knew about the hack until KrebsonSecurity started looking into it.
While officials thought everyone had been notified that their email addresses, names and plaintext passwords had been breached, they’re now looking at everything again.
All that personal info was found on the same servers that were breached in separate hacks on sites like Adobe, PR Newswire and others.
“In January we detected suspicious activity on our network and based upon the information that we had available at the time, we took what we believed to be appropriate actions to notify affected customers and reset passwords for a particular group of user accounts,” Andrew Bolton, the company’s managing director tells Krebs. “We are currently in the process of double-checking that all affected accounts have had their passwords reset and have received an email notification.”
It could be one of the biggest password breaches in history, especially in light of the information sitting around in plaintext. It’s always a worry when one site is hacked, because many of those 42 million users might reuse the same passwords at multiple sites with the same email address, giving hackers access to those other accounts as well. Jackpot, essentially.
Even more troubling is that many Cupid Media users didn’t think out of the box when they created those passwords — more than 1.9 million accounts used the passcode 123456. Another 1.2 million went for the always creative 111111.
Now’s a good time for a password refresher: Don’t reuse passwords on multiple sites, and choose passwords that are either randomly generated by a password keeper or just make sure each one is a unique combination of letters, numbers and symbols. Otherwise you’ll be left scrambling to change your login info on every site you use, from banking to social media.
Cupid Media Hack Exposed 42M Passwords [KrebsonSecurity]