Data of 42 MILLION seekers for love plundered from Aussie dating site

A hack against online dating site Cupid Media that led to the exposure of the personal details and plain text passwords of 42 million consumers appears to have been pulled off by the same group of hackers who pulled off an even bigger pwnage against Adobe. Names, email addresses, unencrypted passwords and birthdays from the …

COMMENTS

This topic is closed for new posts.
Silver badge

Ummm

How can it be 42 million dateless Aussies when the total population is only 20 odd million?

4
0

Re: Ummm

All those lonely sheep in the Outback?

2
0
Bronze badge

Re: Ummm

Maybe it's the sheep that realised their prospects in the outback were limited and moved to the city?

1
0

Re: Ummm

I think they forgot to exclude the 41.5 million spambot accounts, which probably also accounts for the mass poor passwords.

3
0
Bronze badge

Re: Ummm

Think that is more likely to be 1.5m spam-bot accounts, and 40m "staff profiles, purely for testing purposes"

2
0
Silver badge

Re: Ummm

Because Cupid is full of fake profiles, even if their auditors can't find them.

0
0
Silver badge
Headmaster

Re: Ummm

Sorry to burst the bubble of humour, but a quick online check says:

"Cupid Media is a niche online dating network with over 30 million people internationally"

OK, so in one they say 30, and another they say 42. Critically it's the "INTERNATIONAL" part that makes the difference.

0
0
Anonymous Coward

Re: Ummm

Yes, so we make that 41.5 million INTERNATIONAL spambot accounts.

0
0
Bronze badge

Re: Ummm

Well Spotted. INTERNATIONAL, eh? So those numbers include Tasmania as well then.

Got it

;o)

0
0
Silver badge
FAIL

Not just the users at fault

"Facebook won plaudits from security watchers for its actions but the schemes like this can only mitigate against the problem without dealing with its root causes, lamentably awful password security practices by many netizens."

Isn't another of the root causes that there are still organisations out there which were still, in 2013 and after all the other high profile data losses, allowing trivial passwords and storing them unencrypted as if salting and hashing were esoteric novelties? Arguably they were even more culpable than their poor dumb users since you'd expect whoever they got to build their site to be professionals who were aware of the risks and actually had a clue.

5
0

So, this basically says that Facebook can reverse your password? My understanding was that for 'good security', and Zuckerberg being the "elite hacker-type" the media portrays him as we shouldn't have anything less, the password hashing / salting should not be reversible.

I like how the spell-checker in Firefox suggests 'Cocksucker' as a correction for 'Zuckerberg'. Unhappy former employee, perhaps?

0
0

No reversal needed

They have a plain text dump. They can take these passwords, hash them with the same salt as the FB password, and see if they get the same hash as is stored in the database. You know, like what happens whenever you log in.

2
0
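The check described in the comment above, as an added example that is not part of the original thread: each leaked plaintext password is hashed with the matching account's own stored salt and compared with the stored hash, so nothing is ever reversed. PBKDF2-HMAC-SHA256, the function names and the sample records are assumptions made for illustration; the thread does not say which hash Facebook uses.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, one-way hash; the same routine runs at every login."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """What the site stores at signup: a per-user salt and the hash, never the password."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def accounts_to_reset(user_db: dict, leaked_dump: list) -> list:
    """Return emails whose leaked plaintext password also opens the account here."""
    flagged = []
    for email, leaked_password in leaked_dump:
        record = user_db.get(email.lower())
        if record is None:
            continue  # no account here under that address
        candidate = hash_password(leaked_password, record["salt"])
        # Constant-time comparison, as in a normal login check
        if hmac.compare_digest(candidate, record["hash"]):
            flagged.append(email.lower())
    return flagged


# Constructed sample data (hypothetical users, not taken from any real dump)
USER_DB = {
    "alice@example.com": make_record("123456"),
    "bob@example.com": make_record("correct horse battery staple"),
}
LEAKED_DUMP = [
    ("Alice@example.com", "123456"),    # reused password: should be flagged
    ("bob@example.com", "iloveyou"),    # different password here: not flagged
    ("carol@example.com", "password"),  # no account on this site
]

if __name__ == "__main__":
    print(accounts_to_reset(USER_DB, LEAKED_DUMP))
```

Flagged accounts would then be forced through a password reset; the leaked plaintext is only held in memory for the comparison and is not stored.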
Silver badge

"the leaked data appears to be genuine"

Unlike 80% of the profiles on the site.

1
0
Bronze badge

Re: "the leaked data appears to be genuine"

I was wondering how many of the accounts were either fraudsters or prostitutes...

Although now we have a list of email addresses and a general gauge of how computer savvy they are, so now we'll be seeing fraud on the rise (mostly the classics: soldier in Middle East needs money to call home, 'hot woman' trapped in foreign country, green-carder, etc)

0
0