BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Hackers after dating sites' data

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 19 Oct 2015 18:00:39 -0600
http://www.stuff.co.nz/technology/digital-living/73177327/hackers-after-dating-sites-data

Match Group, the corporate parent of Tinder, OkCupid and Match.com, is
planning to go public - which honestly won't have much impact on the 59
million people looking for love on its sites.

What could impact those people is a massive breach of sensitive personal
data, a la Ashley Madison. And in documents filed to the Securities and
Exchange Commission, Match admits that it could suffer the same sort of
incursion.

"We are frequently under attack by perpetrators of random or targeted
malicious technology-related events, such as cyber attacks, computer
viruses, worms or other destructive or disruptive software or distributed
denial of service attacks," the company writes.

"While we have invested heavily in the protection of our systems ... there
can be no assurance that our efforts will prevent significant breaches in
our systems or other such events from occurring."

The filings go on to say that it isn't just Match's systems that are at
risk of attack - but also the systems of outside, third-party vendors that
store user's personal data on their own servers.

If hackers went after these companies, the filings acknowledge, they could
potentially expose the personal data, payment information and site history
of millions of users.

On a hook-up app like Tinder, that record of past site use could basically
amount to a personal sexual history.Match also owns a number of niche
dating sites - including BB People Meet and Little People Meet - that could
be embarrassing to some users, if their user rolls leaked.

Admittedly, none of this is breaking news : We live in a world where,
increasingly, the constant risk of cyberattack is just the cost of doing
business. In the past 10 years, a major company has been hacked every seven
weeks, on average.

Still: It serves as a powerful reminder of exactly how precarious your
private data is, even when you entrust it to a large or seemingly
invulnerable company. No company is invulnerable anymore, Match's filings
make clear.

Just ask Ashley Madison and the Impact Team.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!
Previous By Date Next
Previous By Thread Next

Current thread: