Indeed, I was more than surprised, almost angry, that your personal information is stored in such an insecure way. It is a well-known rule: do not use passwords like 1234567, “password” or “Alison”.
I refer to one of the latest news items of the year, reported by KrebsOnSecurity, about the hack of Cupid Media and the public exposure of almost 42 million passwords, names, email addresses and other personal records of its members.
The hack was carried out against the Australian server of Cupid Media. So what was the reason? The trail leads back to 2013: Andrew Bolton, the managing director of the company, refers to information that points to this date. At the beginning of that year technical specialists discovered suspicious network activity, supposedly a sign of hostile action. So they told the affected users to reset their passwords in order to keep their memberships secure.
However, the problem was the plain text passwords. The system did not store users' passwords in a form that would make them as hard as possible for hackers to uncover. Indeed, almost all of the information that was disclosed related to accounts that were no longer active, or that had been deleted from the main system but kept in storage.
So it appears that the number of affected Cupid Media members was far lower than the enormous figure indicated previously.
Very often companies keep the information of users who have deleted their accounts, in the hope that they will probably come back.
Take the case of Adobe Corporation, for example: they had 38 million users, but in the breach they suffered earlier they lost the information of more than 150 people. Part of those are not users but people who entrusted their emails and passwords to the website.
Looking at this situation more closely reveals an insecure practice: using the same login information on several different websites, which gives no guarantee of safety. Another example is one website tying login information to another network via the email address.
The right decision is to rethink the security system, as Bolton noted. Cupid Media is developing a double verification process for the affected information. Hashing of passwords is also an improvement they are working on. All members are told to create only the strongest passwords, and the system does not let them keep a profile if they neglect these requirements.
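To make the difference between plain text storage and the hashing mentioned above concrete, here is an added example (not Cupid Media's code, and not from the original article). The function names, the denylist beyond the three passwords named in this post, the minimum length and the PBKDF2 iteration count are all assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed denylist; the first three entries are the examples named in the post.
WEAK_PASSWORDS = {"1234567", "password", "alison", "123456", "qwerty"}
MIN_LENGTH = 8         # assumed policy value
ITERATIONS = 600_000   # assumed PBKDF2 work factor; tune for your hardware


def is_acceptable(password: str) -> bool:
    """Reject short passwords and anything on the denylist (case-insensitive)."""
    return len(password) >= MIN_LENGTH and password.lower() not in WEAK_PASSWORDS


def hash_password(password: str) -> str:
    """Return 'scheme$iterations$salt$digest'; the password itself is never stored."""
    salt = secrets.token_bytes(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def register(db: dict, email: str, password: str) -> None:
    """Refuse weak passwords at sign-up and store only the salted hash."""
    if not is_acceptable(password):
        raise ValueError("password rejected by policy")
    db[email] = hash_password(password)


def close_account(db: dict, email: str) -> None:
    """Remove the credential record when an account is deleted, not just hide it."""
    db.pop(email, None)
```

With records stored this way, a dump of the database yields salts and digests rather than passwords, and closed accounts leave no credential behind to leak.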
The company gave its sincerest apology to all members and assures everyone that this incident is the one thing that gave them a push to make additional investments in a secure system, as the privacy of their people is the most important thing in this business.