The lonely hearts of the Guardian Soulmates service have been the recipients of lewd emails in the wake of a breach.
The information of users of the liberal dating website was apparently exposed in error by one of the company's third-party providers. Users were tipped off to the information's provenance when the bawdy spam they received contained information that could have only come from their user profile, such as their Guardian Soulmates username.
Guardian Soulmates is a dating service run by Guardian News and Media (GNM), the publisher of the Guardian and Observer newspapers. Its website offers “an instant meaningful connection with a like-minded person” and privacy policies which “mean you and your data are safe”.
That will be of little comfort to the users who told the BBC they had alerted the dating services to the emails they were receiving in November, only to have received an email confirming the incident at the end of April this year.
GNM confirmed in a statement that “we have received 27 inquiries from our members which show evidence of their email addresses used for their Soulmates account having been exposed”. GNM has advised affected users to get in touch with Soulmates' support team.
The statement added that the subsequent investigation points to a mistake “by one of our third-party technology providers,” which led to the exposure of some of the data.
The users at the other end of those 27 complaints may have been shocked, but Ilia Kolochenko, CEO of High-Tech Bridge, says ‘Meh'. He told SC, “so far, I don't see many reasons for panic – the number of confirmed spam emails is very insignificant compared to the entire Soulmates database.” The users were hit with spam as opposed to any kind of sophisticated attack, making this attack not particularly serious.
However, added Kolochenko, “We cannot reliably exclude that the database was compromised and this is just a test before a large-scale spear-phishing campaign against Soulmates' users. Therefore, I'd recommend changing your Soulmates passwords and stay particularly vigilant these days – it's certainly won't harm you to do so.”This kind of incident might seem familiar, if microcosmic, to the cyber story which blew up international headlines several years ago. Adultery social network, Ashley Madison, was breached in 2015, exposing the data of 37 million users to the world. In the wake of the breach, the perpetrator of which is still unknown, many users were subject to not only the exposure of their extramarital affairs but attempts at extortion and blackmail too.