14 DAY TRIAL // British dating site Guardian Soulmates suffered a data leak which led to users being targeted with sexually explicit spam emails.
According to the BBC, which quotes the Guardian newspaper's publisher, "human error" was at fault for accidentally exposing people's private data. The issue, they said, has been fixed.
The publication quotes a user who started receiving spam messages featuring the username they used on the Guardian Soulmates site. They say they contacted Soulmates half a year ago because of concerns regarding the data that may have been taken.
A spokesperson for the site said that only email addresses and user IDs had been exposed directly, which could be used to find members' publicly available profiles. The information on public profiles, including photos, relationship preferences, and physical description, could also be accessed.
The same spokesperson said the site received 27 messages from members showing evidence that their email addresses had been exposed. "Our ongoing investigations point to a human error by one of our third-party technology providers, which led to an exposure of an extract of data," they said.
Not the first, nor the last
"This breach is good reminder that every breach reveals data that criminals can use to launch additional attacks. They merge data from multiple sources, building dossiers on potential victims, including spear phishing targets. The information that they gather does not have to be highly confidential in order to create successful attacks. Every breach is a reminder of the importance of strong authentication measures in both personal and professional devices, networks, and web applications," said Marco Cova, Senior Security Researcher at Lastline, over email.
"The blurring of personal and professional use of enterprise assets such as laptops underscores the criticality of protecting organizations from the network core to the outer edges against advanced persistent threats and evasive malware that could be introduced as a result of an infected personal device targeted as a result of a prior data breach. Data breaches provide a distribution hub for malware for years to come," he added.
The site costs £32 ($41.50) per month to use and has been around since July 2004.