Cupid Media’s systems were hacked back in January 2013

Nov 20, 2013 08:23 GMT

The server on which experts discovered the Adobe and PR Newswire data also stored files apparently stolen from the systems of online dating service Cupid Media.

Brian Krebs has identified a database containing the email addresses, passwords, names and dates of birth of over 42 million Cupid Media users. Unfortunately, all the passwords are in clear text.

The attack on Cupid Media likely took place in January 2013. At the time, the company notified affected customers and reset the passwords of a particular group of users. However, the incident wasn’t disclosed to the public.

The company’s Managing Director, Andrew Bolton, has told Krebs that, after the breach was discovered, they hired a company to implement additional security measures, such as hashing and salting passwords. They’ve also enforced new rules to make sure that users set strong passcodes.

Bolton claims that many of the records stored in the database file obtained by the hackers are old, inactive or deleted. However, he has promised that the company will further investigate the incident based on this new information.

After being provided with the file found by Krebs, Cupid Media started “double-checking” to make sure that all affected customers had their passwords reset and received notification emails.

While this might not surprise anyone, many of Cupid Media’s customers had set passwords that were very easy to guess. As with Adobe’s customers, 1.9 million used the password “123456” and 1.2 million used “111111.”

The most popular non-numeric passwords are “iloveyou,” “lovely,” “qwerty,” “password,” “azerty,” “loveme,” “aaaaaa,” “mylove,” “iloveu” and “zxcvbnm.”

Most of the exposed email addresses are from Yahoo, Hotmail and Gmail. However, 56 belong to Department of Homeland Security employees, 11,508 to employees of the US military and 9,844 to US government employees.
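
The hashing, salting and password rules Bolton describes, applied to the common passwords listed above, look roughly like this. This is an added example, not Cupid Media's code or part of the original article; the choice of scrypt, its cost parameters, the minimum length, the record format and the sample rows are all assumptions.

```python
import hashlib
import hmac
import os

# Passwords the article names as the most common in the exposed database.
COMMON = {"123456", "111111", "iloveyou", "lovely", "qwerty", "password",
          "azerty", "loveme", "aaaaaa", "mylove", "iloveu", "zxcvbnm"}
MIN_LENGTH = 10                              # assumed policy value
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)   # assumed cost parameters

def policy_error(password):
    """Return why a new password is rejected, or None if it is accepted."""
    if password.lower() in COMMON:
        return "common password"
    if len(password) < MIN_LENGTH:
        return "too short"
    return None

def hash_password(password):
    """Derive a record 'scrypt$<salt hex>$<digest hex>' with a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return f"scrypt${salt.hex()}${digest.hex()}"

def verify_password(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    scheme, salt_hex, digest_hex = record.split("$")
    if scheme != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode("utf-8"),
                            salt=bytes.fromhex(salt_hex), **SCRYPT)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))

def migrate(cleartext_rows):
    """Replace clear-text passwords with salted hashes; flag weak ones for reset."""
    return {email: {"hash": hash_password(pw),
                    "must_reset": policy_error(pw) is not None}
            for email, pw in cleartext_rows}

# Constructed sample rows (not data from the breach).
LEGACY = [("a@example.com", "123456"), ("b@example.com", "123456"),
          ("c@example.com", "plum-tractor-violin-92")]

if __name__ == "__main__":
    for email, row in migrate(LEGACY).items():
        print(email, row["must_reset"], row["hash"][:30] + "...")
```

Because each record gets its own salt, the two accounts sharing “123456” end up with different stored values, so a leaked table no longer reveals at a glance how many users chose the same password.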