Contributed by: ElyseRomano Thursday, May 03 2018 @ 11:51 am
Halloween has come early for Match.com. The venerable dating site made headlines last week for an outbreak of zombies -- zombie profiles, that is.
A report from The Verge[*1] revealed that a glitch has resurrected an unknown number of deleted Match profiles from the dead. In an interview, former Match user Jason Debiak explained his surprise when, over breakfast with his wife and daughter, an email announcing 10 new matches on a decade-old, deactivated account appeared in his inbox.
“I log in, and there I am, from 15 years prior, with less gray hair,” he said. “And my whole profile is there, everything.”
He’s not the only one. A Match Group spokesperson since confirmed that a “limited number” of old profiles were accidentally reactivated on the site. Any account affected has reportedly received a password reset, but the incident is troubling at a time when discussions around cybersecurity, data retention, and privacy have reached fever pitch.
The Verge cites a 2009 ComputerWorld report[*3] in which Joseph Essas, eHarmony’s then-VP of technology, said, “We have an archiving strategy, but we don’t delete you out of our database. We’ll remember who you are.”
Herb Vest, founder and CEO of the now-shuttered site True.com, said in the same report: “The data just sits there.”
Match Group owns numerous dating services, including Tinder, OkCupid, and Plenty of Fish, all of which use similar language in their privacy statements. OkCupid[*4] affirms that it retains data from disabled accounts. Tinder[*5] and Plenty of Fish[*6] both claim that data is retained “only as long as we need it for legitimate business purposes and as permitted by applicable legal requirements.”
“There probably are good reasons to keep deleted profiles for some period of time — for example, to prevent or detect repeat users or fake users, etc,” Albert Gidari, consulting director of privacy at the Stanford Center for Internet and Society, told The Verge. “But that doesn’t mean forever.”
Thirty-two states -- including Texas, where Match Group is headquartered -- have enacted data disposal laws that require “entities to destroy, dispose, or otherwise make personal information unreadable or undecipherable.” Thirteen states, also including Texas, have laws that require companies to act in accordance with reasonable cybersecurity practices.
The language is vague at best, and most users are unaware of both the laws protecting them and the privacy terms to which they agree. The sudden appearance of undead dating profiles is a stark reminder of the need for privacy in the digital age.