The Guardian’s online dating website has suffered some manner of data breach, with user information getting spilled and subsequently used in targeted spam emails of a sexually explicit nature.
Users of the Guardian Soulmates website have reportedly received spam messages which include details drawn from their site profiles, and according to one user who spoke to the BBC, the emails “directly [referenced] information that could only have come from the Soulmates database”.
Apparently, said user – who is employed in the IT arena – contacted The Guardian newspaper regarding the incident last November, and received a reply confirming the data leak late last month.
A spokeswoman for the Soulmates site told the Beeb that only email addresses and user IDs had actually been exposed, but that this information allowed malicious parties to dig up further details on members by finding and combing through their online profiles (which are public).
The data was leaked thanks to ‘human error’, the publisher of the newspaper noted, and it wasn’t the fault of a Guardian employee, but rather a third-party technology provider.
No more details were supplied about the source of the data spillage, but The Guardian confirmed that the problem no longer exists, as you would hope.
Soulmates is a dating service that folks can sign up for worldwide, and one of its selling points is privacy and moderation policies that ‘mean you and your data are safe’. Not so much in this case.
The Guardian has apologized to anyone affected – apparently the site has received 27 messages from users who have had their email addresses exposed, but there may be considerably more folks hit (or who will be hit) by the issue – and said that it was reviewing its use of third-party suppliers.
The sad truth is that data breaches are far from a surprise these days, with one coming after another without much batting of eyelids involved anymore. Last month we witnessed a huge breach at Wonga (a payday loan outfit) in the UK which affected almost a quarter of a million customers.
You can certainly take steps to guard your personal data against hackers to some extent, but if you’re using services on the internet, then there’s not much you can do if their security – or a related third-party working with the firm – is lax.