Cupid Media hack exposes 42 million passwords (in plaintext)

Posted on Wednesday, November 20 2013 @ 13:30 CET by Thomas De Maesschalck
Ars Technica warns that an attack on dating website Cupid Media exposed the personal details of 42 million user accounts. Besides names and e-mail addresses, the most worrying fact about the hack is that the attackers could also obtain the passwords, and that these passwords were stored in plaintext, without any encryption. All Cupid accounts have had their passwords reset, but users could be at risk of further attacks if they used the same e-mail and password combination on other websites.
Making matters worse, many of the Cupid Media users are precisely the kinds of people who might be receptive to content frequently advertised in spam messages, including male enhancement products, services for singles, and diet pills.

The Cupid Media user records reviewed by Krebs contain the usual assortment of weak passwords. More than 1.9 million accounts were protected by 123456. Another 1.2 million used 111111. Users who used the same e-mail address and password to secure accounts on other sites are vulnerable to hijacking. Word of the Cupid Media compromise follows recent reports of password leaks from a host of other sites or companies, including Adobe (150 million reversibly encrypted passwords), MacRumors forums (860,000), and web software developer vBulletin (number not disclosed).


About the Author

Thomas De Maesschalck

Thomas has been messing with computers since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.


