- Redditor wants to know if he’s the a**hole for ghosting pregnant partner Thursday 8:19 PM
- How to go live on TikTok Thursday 8:08 PM
- Joey Salads suggests Democrats carried out Santa Clarita mass shooting Thursday 7:31 PM
- How influencers use TikTok to make money and launch careers Thursday 7:18 PM
- How to stream Argentina vs. Brazil live Thursday 6:51 PM
- How to watch Disney+ on a smart TV Thursday 6:28 PM
- Miss Fame calls out Justin Bieber for low music video appearance pay offer Thursday 6:19 PM
- Trump Jr. ranked No. 1 on best-seller list—after the GOP gave away copies of his book Thursday 5:45 PM
- How to get Disney+ bundle if you already subscribe to Hulu and/or ESPN+ Thursday 5:19 PM
- Mo’Nique suing Netflix for race and gender discrimination Thursday 5:09 PM
- Students outraged that professors accused of sexual misconduct are still teaching Thursday 5:00 PM
- TikTok users jokingly wear big hats to sneak snacks into movie theaters Thursday 3:59 PM
- Why today’s new facially recognition bill is being called ‘woefully’ inadequate Thursday 3:15 PM
- Facebook has given more user data to the government than ever before Thursday 2:57 PM
- How to sign up for Disney Plus Thursday 2:55 PM
42 million dating-site passwords exposed in security breach
This wasn’t the kind of intimacy users were looking for.
To be unlucky in love is bad enough, but to find out that someone is only interested in you for your password? That’s got to sting. Sadly, that’s the position some 42 million online daters past and present currently find themselves in, due to a security breach that occurred earlier this year. Though not all of them know they’ve been exposed.
Brian Krebs of KrebsOnSecurity encountered the Cupid Media data—in plaintext, no less—on a server where hackers had also stored files pilfered from Adobe and PR Newswire. Cupid is an Australian company that offers niche services based on country, lifestyle, and ethnicity. It has no corporate affiliation with OkCupid, whose users can rest easy (for now).
Krebs was able to break down the email address involved to make some curious observations; he noted that 56 Department of Homeland Security employees had registered for a Cupid site with their work account, for example. And since he didn’t have to decrypt the passwords, he was able to identify the most common: more than 1.2 million people went with “111111,” but nearly 2 million opted for the more sophisticated “123456.” Has nobody here seen Spaceballs? The alphabetic codes weren’t much better, and certainly sadder: “iloveyou,” “loveme” and “mylove” all made the top 10 in that category. Perennial favorite “password” shows up too.
Cupid Media’s managing director, Andrew Bolton, confirmed that the leak was associated with a breach in January, noting that since those events, “we hired external consultants and implemented a range of security improvements which include hashing and salting of our passwords.” Still, it’s far from a sure thing that every user affected has been notified of the intrusion and taken steps to prevent themselves—especially since at least 12 million of them have “old, inactive or deleted accounts.”
The worry was never that someone might take control of your dating profile and impersonate you. It’s rather a question, as Krebs points out, of ending up on a spam list or opening the door to broader identity theft. If you’re the type to use the same password across multiple accounts (and if you’re using passwords this flimsy, it’s likely you are), any one of them could be vulnerable to unauthorized entry. Just one more reason to find romance in meatspace, it seems.
Miles Klee is a novelist and web culture reporter. The former editor of the Daily Dot’s Unclick section, Klee’s essays, satire, and fiction have appeared in Lapham’s Quarterly, Vanity Fair, 3:AM, Salon, the Awl, the New York Observer, the Millions, and the Village Voice. He's the author of two odd books of fiction, 'Ivyland' and 'True False.'