Cupid Media Hack Exposed 42M Passwords

Brian Krebs reports:

An intrusion at online dating service Cupid Media earlier this year exposed more than 42 million consumer records, including names, email addresses, unencrypted passwords and birthdays, according to information obtained by KrebsOnSecurity.

The data stolen from Southport, Australia-based niche dating service Cupid Media was found on the same server where hackers had amassed tens of millions of records stolen from Adobe,PR Newswire and the National White Collar Crime Center (NW3C), among others.

The purloined database contains more than 42 million entries in the format shown in the redacted image below. I reached out to Cupid Media on Nov. 8. Six days later, I heard back from Andrew Bolton, the company’s managing director. Bolton said the information appears to be related to a breach that occurred in January 2013.

Read more on KrebsonSecurity.com. This apparently wasn’t news to Cupid Media, who claim to have notified affected consumers at the time of discovery in January.  It’s hard to believe that such a big breach flew under all the media radar – including this site. I wonder how many consumers they actually notified at the time and wonder why nothing about the breach came to the attention of those of us who generally try to keep on top of hacks and breach reports.

About the author: Dissent