Online daters receive explicit emails after Guardian Soulmates website suffers data breach
A number of people who were members of the dating website Guardian Soulmates had their email addresses exposed following a data breach. The exposure of usernames and email addresses led to some users receiving explicit emails.
Human error has been blamed for the breach, with site owner Guardian News and Media (GNM) saying that the problem stemmed from a third-party technology provider. The issues meant that private details were made available via users' public profiles.
The matter has now been addressed and GNM says that steps have been taken to ensure that the incident is not repeated. The company points out that no other details -- such as credit card information or addresses -- were exposed.
In a statement Guardian News and Media said:
We can confirm we have received 27 inquiries from our members which show evidence of their email addresses used for their Soulmates account having been exposed. Our ongoing investigations point to a human error by one of our third-party technology providers, which led to an exposure of an extract of data.
It appears that only a very small number of subscribers were affected, so is there cause for concern? Ilia Kolochenko, CEO of security firm High-Tech Bridge, doesn’t believe so, but urges caution:
So far, I don’t see many reasons for panic -- the number of confirmed spam emails is very insignificant compared to the entire Soulmates database. Therefore, we can reasonably suppose that only a small amount of data was breached or leaked. Moreover, the spam campaign is apparently classic spam ads, and not a sophisticated targeted attack against website users. It's difficult to make any conclusions without additional technical details about the incident, but the data can even come from public sources -- many users of dating websites (un)intentionally expose their profile with their email on social networks for example.
Nonetheless, we cannot reliably exclude that the database was not compromised and this is just a test before a large-scale spear phishing campaign against Soulmates' users. Therefore, I'd recommend changing your Soulmates passwords and stay particularly vigilant these days -- it's certainly won't harm you to do so.
Image credit: pathdoc / Shutterstock