Online dating site Cupid Media was hacked earlier this year, exposing 42 million user details which included unencrypted passwords.
According to security blogger Brian Krebs, the intrusion on the Australian website was found after the data was found on the same server as the data from the Adobe attack. Krebs said that this included names, email addresses, unencrypted passwords and birthdays of 42 million users which the company said was from a breach in January 2013.
Andrew Bolton, managing director of Cupid Media, said: “In January we detected suspicious activity on our network and based upon the information that we had available at the time, we took what we believed to be appropriate actions to notify affected customers and reset passwords for a particular group of user accounts.
“We are currently in the process of double-checking that all affected accounts have had their passwords reset and have received an email notification.” Bolton also told Krebs that a large portion of the records located in the affected table related to old, inactive or deleted accounts, and the number of active users was “ considerably less than the 42 million”.
Bolton later thanked Krebs for the additional information, which he said provided “a clearer picture of what transpired back in January”, and confirmed that it was in the process of double-checking that all affected accounts have had their passwords reset and have received an email notification.
He said: “Subsequently to the events of January we hired external consultants and implemented a range of security improvements which include hashing and salting of our passwords. We have also implemented the need for consumers to use stronger passwords and made various other improvements.
“We would like to thank you for bringing this issue to our attention and I can confirm that we are committed to investigate this matter further and make any additional improvements still required. Protecting our customer’s privacy and data is important to us and we will continue to make additional investments in improved security for our members. We sincerely apologise for the inconvenience this has caused our members.”
Earlier this year, the Information Commissioner’s Office announced that it would investigate dating websites that readily sold user’s data, and that it had written to major websites and the industry trade body, the Association of British Introduction Agencies, over concerns about handling personal data.