Hack Of Cupid Media Dating Site Exposes 42 Million Unencrypted Passwords

Usually when there’s a major hack of personal information, whichever site or company is storing users’ passwords has at least done some fancy encryption and made it just a wee bit more difficult for the perpetrators to figure them out. But it seems a recent hack of 42 million accounts with Cupid Media dating sites won’t prove tricky for the hackers to decipher, as the passwords were stored in plaintext. Oh, sigh of sighs.

The hack happened earlier this year and was only detected after the site started seeing “suspicious activity,” but it appears no one knew about the hack until KrebsOnSecurity started looking into it.

While officials thought everyone had been notified that their email addresses, names and plaintext passwords had been breached, they’re now looking at everything again.

All that personal info was found on the same servers that were breached in separate hacks on sites like Adobe, PR Newswire and others.

“In January we detected suspicious activity on our network and based upon the information that we had available at the time, we took what we believed to be appropriate actions to notify affected customers and reset passwords for a particular group of user accounts,” Andrew Bolton, the company’s managing director, tells Krebs. “We are currently in the process of double-checking that all affected accounts have had their passwords reset and have received an email notification.”

It could be one of the biggest password breaches in history, especially in light of the information sitting around in plaintext. It’s always a worry when one site is hacked, because many of those 42 million users might reuse the same passwords at multiple sites with the same email address, giving hackers access to those other accounts as well. Jackpot, essentially.

Even more troubling is that many Cupid Media users didn’t think out of the box when they created those passwords — more than 1.9 million accounts used the passcode 123456. Another 1.2 million went for the always creative 111111.

Now’s a good time for a password refresher: Don’t reuse passwords on multiple sites, and either choose passwords that are randomly generated by a password keeper or make sure each one is a unique combination of letters, numbers and symbols. Otherwise you’ll be left scrambling to change your login info on every site you use, from banking to social media.

Cupid Media Hack Exposed 42M Passwords [KrebsOnSecurity]

Comments (2)

  1. CommonC3nts says:

    Here is a list of their sites: http://www.cupidmedia.com/services.cfm
    They are not OKcupid so I don't think this affects many people in the US.

  2. SuperSpeedBump says:

    How interesting. One of the web sites they run is Online Dating Safety Tips, and that site has 3 whole sections on Password Security. A pity they never bothered to research Database Security Tips.