Guardian Soulmates website suffers data breach
Dating website exposes members to spam emails after a human error
Those looking for love on Guardian Soulmates have instead found explicit emails in their inboxes following a data breach.
Guardian News & Media, parent company of the dating site, ruled out any outside hack, instead blaming it on human error by one of its third party technology providers.
A spokesperson said: "We take matters of data security extremely seriously and have conducted thorough audits of all our internal systems and are confident that no outside party breached any of these systems.
"Our ongoing investigations point to a human error by one of our third party technology providers, which led to an exposure of an extract of data. This extract contained only members' email addresses and user ID which can be used to find members' publicly available online profiles."
It received 27 enquiries from their members showing evidence that their email addresses used in connection with their Soulmates account had been exposed.
One, who wished to remain anonymous, told the BBC: "I basically had been receiving spam ... directly referencing information that could only have come from the Soulmates database." Another said they had received sexually explicit emails as a result.
The incidents appear to have taken place last year, but one speaking to the BBC did not get a response from Guardian News & Media until last month.
Marco Cova, senior security researcher at malware specialist Lastline, said: "This breach is good reminder that every breach reveals data that criminals can use to launch additional attacks. They merge data from multiple sources, building dossiers on potential victims, including spear phishing targets.
"The information that they gather does not have to be highly confidential in order to create successful attacks. Every breach is a reminder of the importance of strong authentication measures in both personal and professional devices, networks, and web applications."
Guardian News & Media added that appropriate measures have been taken to ensure it doesn't happen again and advised that if any members are concerned they should contact firstname.lastname@example.org.
The company also highlighted that no personal data such as credit card details or dates of birth were compromised.
This is only the latest in a long line of online dating website breaches. Ashley Madison was attacked in July 2015 and revealed the sensitive data of 37 million people, although part of the motive behind the attack was to out and shame cheaters who were supposedly using the site for extra-marital affairs.
Main image source: Guardian Soulmates
WATCH: Learn more about the security threats facing businesses today and how to combat them in this free webinar WATCH NOW
The case for a marketing content hub
Transform your digital marketing to deliver customer expectationsDownload now
Fast, flexible and compliant e-signatures for global businesses
Be at the forefront of digital transformation with electronic signaturesDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now
IT faces new security challenges in the wake of COVID-19
Beat the crisis by learning how to secure your networkDownload now