Users of Guardian Soulmates have found themselves harassed with sexually explicit spam emails following a data exposure.
Guardian Soulmates, the Guardian newspaper publisher’s dating site, has seen its user base bombarded with targeted spam emails that contained personal information from their online profiles.
The company blamed the exposure on a third party and said that “human error” was the cause of the incident.
A spokeswoman for the company said that although Usernames and email addresses were the only data exposed this could be used to “find members’ publicly available online profiles.”
The problem came to light after an anonymous member of the public contacted the BBC and found that these spam emails were only being sent to an email address used to access Guardian Soulmates.
These emails contained both the email address, username, and other information that could “only have come from the Soulmates database.”
Marco Cova, Senior Security Researcher at Lastline said: “This breach is good reminder that every breach reveals data that criminals can use to launch additional attacks. They merge data from multiple sources, building dossiers on potential victims, including spear phishing targets. The information that they gather does not have to be highly confidential in order to create successful attacks.”
“Every breach is a reminder of the importance of strong authentication measures in both personal and professional devices, networks, and web applications. The blurring of personal and professional use of enterprise assets such as laptops underscores the criticality of protecting organizations from the network core to the outer edges .”
Previous instances of dating sites being hacked, such as Ashley Madison or Beautiful People have led to similar information being sold on the black market and the deep web, or just posted online.
Guardian Soulmates charges users up to £32 a month in order to access the dating site.
This article is from the CBROnline archive: some formatting and images may not be present.