Contributed by: ElyseRomano on Thursday, January 09 2014 @ 06:48 am
Last modified on
Somewhere in the back of our heads, rattling around with all the other information we ignore like "You really shouldn't drink that last shot of tequila," we know that having an online account means accepting the risk that that account might be hacked. But no matter how many times we hear horror stories of it happening to someone else, we never quite believe it could happen to us.
Imagine the surprise, then, that Cupid Media users must have felt when the service was hacked early in 2013 and the names, e-mail addresses, and plaintext passwords for 42 million accounts were exposed. Ouch. That has gotta sting.
Ars Technica reports[*1] that "The cache of personal information was found on the same servers that housed tens of millions of records stolen in separate hacks on sites including Adobe, PR Newswire, and the National White Collar Crime Center." An official from Cupid Media explained that the hack appeared to be connected to "suspicious activity" that was detected on the site in January and officials say they believe they have notified all affected users, but those actions and explanations are likely to do little to appease users whose personal information has been compromised.
The Cupid Media hack will go down in history as one of the largest passcode breaches on record so far, a dubious distinction made even worse by the fact that the data was in plaintext, rather than a cryptographically protected format that requires significant effort to crack. Because many Internet users reuse the same passwords on multiple websites, a hack on this scale can give thieves instant access to tens of thousands of sensitive accounts tied to a user's e-mail address.
"Making matters worse," Ars Technica speculates, "many of the Cupid Media users are precisely the kinds of people who might be receptive to content frequently advertised in spam messages, including male enhancement products, services for singles, and diet pills."
And making matters even worse than that, a review of the Cupid Media user records that were exposed reveals that a significant portion of them were protected with weak passwords in the first place. More than 1.9 million accounts were protected with the password "123456." Another 1.2 million used "111111." How is it that, in this day and age, there are still people who think those are secure passwords? Have they never seen the Internet before?
Take note, online daters: the more random your password is, the safer it is. And please, please, never use the same password on multiple sites.