- HBO’s ‘Watchmen’ and the fantasy of competence 6 Years Ago
- Cómo ver Kamaru Usman vs. Colby Covington en el UFC 245 Today 7:00 AM
- ‘Penis fish’ memes erupt after worms wash up on California coast Friday 5:58 PM
- Why Britons are tweeting ‘Little England’ in wake of the U.K. election Friday 3:22 PM
- Net neutrality advocates ask for rehearing on federal court decision Friday 2:29 PM
- Americans are sharing their #PrivateHealthLIFEhacks to help Brits Friday 2:28 PM
- Warren, Sanders, Yang pledge to skip next week’s debate over union dispute Friday 2:12 PM
- How to watch tonight’s Nets vs. Raptors matchup on NBA TV Friday 2:00 PM
- Alt-right comedian Owen Benjamin banned from Instagram over anti-Semitic memes Friday 1:55 PM
- TikTok teens are procrastinating with #FinalsWeek Friday 1:46 PM
- ‘The Mandalorian’ takes on a prison break in episode 6 Friday 1:30 PM
- Nick Cannon vs. Eminem battle expected to escalate after ‘off-limits’ daughter diss Friday 12:50 PM
- Laura Loomer vehemently denies being author of new Laura Loomer-themed action novel Friday 12:30 PM
- PewDiePie’s poop-inspired game gets banned by Apple Friday 11:29 AM
- ‘Game of Thrones’ showrunners to adapt ‘Lovecraft’ graphic novel to screen Friday 11:00 AM
42 million dating-site passwords exposed in security breach
This wasn’t the kind of intimacy users were looking for.
To be unlucky in love is bad enough, but to find out that someone is only interested in you for your password? That’s got to sting. Sadly, that’s the position some 42 million online daters past and present currently find themselves in, due to a security breach that occurred earlier this year. Though not all of them know they’ve been exposed.
Brian Krebs of KrebsOnSecurity encountered the Cupid Media data—in plaintext, no less—on a server where hackers had also stored files pilfered from Adobe and PR Newswire. Cupid is an Australian company that offers niche services based on country, lifestyle, and ethnicity. It has no corporate affiliation with OkCupid, whose users can rest easy (for now).
Krebs was able to break down the email address involved to make some curious observations; he noted that 56 Department of Homeland Security employees had registered for a Cupid site with their work account, for example. And since he didn’t have to decrypt the passwords, he was able to identify the most common: more than 1.2 million people went with “111111,” but nearly 2 million opted for the more sophisticated “123456.” Has nobody here seen Spaceballs? The alphabetic codes weren’t much better, and certainly sadder: “iloveyou,” “loveme” and “mylove” all made the top 10 in that category. Perennial favorite “password” shows up too.
Cupid Media’s managing director, Andrew Bolton, confirmed that the leak was associated with a breach in January, noting that since those events, “we hired external consultants and implemented a range of security improvements which include hashing and salting of our passwords.” Still, it’s far from a sure thing that every user affected has been notified of the intrusion and taken steps to prevent themselves—especially since at least 12 million of them have “old, inactive or deleted accounts.”
The worry was never that someone might take control of your dating profile and impersonate you. It’s rather a question, as Krebs points out, of ending up on a spam list or opening the door to broader identity theft. If you’re the type to use the same password across multiple accounts (and if you’re using passwords this flimsy, it’s likely you are), any one of them could be vulnerable to unauthorized entry. Just one more reason to find romance in meatspace, it seems.
Miles Klee is a novelist and web culture reporter. The former editor of the Daily Dot’s Unclick section, Klee’s essays, satire, and fiction have appeared in Lapham’s Quarterly, Vanity Fair, 3:AM, Salon, the Awl, the New York Observer, the Millions, and the Village Voice. He's the author of two odd books of fiction, 'Ivyland' and 'True False.'