[BreachExchange] Guardian Soulmates website hacked as dating data breached

Audrey McNeil audrey at riskbasedsecurity.com
Mon May 8 19:09:55 EDT 2017


The Guardian’s online dating website has suffered some manner of data
breach, with user information getting spilled and subsequently used in
targeted spam emails of a sexually explicit nature.

Users of the Guardian Soulmates website have reportedly received spam
messages which include details drawn from their site profiles, and
according to one user who spoke to the BBC, the emails “directly
[referenced] information that could only have come from the Soulmates

Apparently, said user – who is employed in the IT arena – contacted The
Guardian newspaper regarding the incident last November, and received a
reply confirming the data leak late last month.

A spokeswoman for the Soulmates site told the Beeb that only email
addresses and user IDs had actually been exposed, but that this information
allowed malicious parties to dig up further details on members by finding
and combing through their online profiles (which are public).

The data was leaked thanks to ‘human error’, the publisher of the newspaper
noted, and it wasn’t the fault of a Guardian employee, but rather a
third-party technology provider.

No more details were supplied about the source of the data spillage, but
The Guardian confirmed that the problem no longer exists, as you would hope.

Privacy priorities

Soulmates is a dating service that folks can sign up for worldwide, and one
of its selling points is privacy and moderation policies that ‘mean you and
your data are safe’. Not so much in this case.

The Guardian has apologized to anyone affected – apparently the site has
received 27 messages from users who have had their email addresses exposed,
but there may be considerably more folks hit (or who will be hit) by the
issue – and said that it was reviewing its use of third-party suppliers.

The sad truth is that data breaches are far from a surprise these days,
with one coming after another without much batting of eyelids involved
anymore. Last month we witnessed a huge breach at Wonga (a payday loan
outfit) in the UK which affected almost a quarter of a million customers.

You can certainly take steps to guard your personal data against hackers to
some extent, but if you’re using services on the internet, then there’s not
much you can do if their security – or a related third-party working with
the firm – is lax.