Cupid media pty ltd. Contact Us

Cupid Media Pty Ltd: Own motion investigation report

Instead they were stored insecurely, in plain text. However the compromised passwords were not salted or hashed, or otherwise encrypted, before the data breach. While passwords may be guessed through computational 'brute-force' attacks, this becomes very difficult when strong hash algorithms and passwords are used. Had Cupid received an alert from the developer that the patch was available, but not applied the patch, the Commissioner may have considered there to have been a failure by Cupid to take reasonable security steps. The Commissioner therefore found that more stringent steps were required of Cupid to keep this information secure than may be required of organisations that do not handle sensitive information. Cupid explained that there is no requirement for Cupid's users to verify their name to open an account. Cupid identified that the ColdFusion vulnerability caused the data breach.

Once the vulnerability was identified, Cupid immediately obtained and applied the patch released by the ColdFusion developer on all its servers to fix the vulnerability. Since its launch in 2000, Cupid Media has helped more than 30 million people look for love and grown from strength to strength, becoming one of the top niche dating networks in the world. However, as Cupid independently identified the patch and then applied it immediately, in the circumstances the Commissioner considered Cupid to have used patches effectively. Through our network of personalized dating services, we aim to connect singles worldwide with their true love, in a safe and fun environment.

Following the data breach, Cupid also promptly initiated a password reset process for all its users. Instead they were stored insecurely, in plain text. The Commissioner's investigation focused on whether Cupid took reasonable steps to protect user information from misuse, loss, unauthorised access, modification or disclosure. Installation of malicious software (malware) detection and prevention software (including antivirus software) is a reasonably affordable security step that can assist organisations to prevent attacks by malicious hackers and the damage caused by malware. Further, effective use of patches can assist organisations to fix system vulnerabilities and other problems.

Personal information includes 'sensitive information'. In other words, the personal information pertaining to a significant number of accounts was not in use by Cupid. Cupid identified that the ColdFusion vulnerability caused the data breach. For this reason, Cupid considers that some of the full names and associated dates of birth involved in the data breach 'did not relate to real persons'. After considering the facts of the case, submissions from Cupid and the relevant provisions of the Privacy Act 1988 (Cth) (Privacy Act), the Commissioner came to the view that Cupid had breached the Privacy Act by failing to take reasonable steps to secure personal information it held. Following the data breach, Cupid also promptly initiated a password reset process for all its users.

Cupid explained that there is no requirement for Cupid's users to verify their name to open an account. However, the Commissioner noted that data other than credit and other financial information may be 'sensitive information' under the definition of that term in the Privacy Act. Where passwords are hashed, it is also very difficult for attackers to recover the plain text version of the password (although the Commissioner acknowledged that tools are available to assist hackers with guessing passwords). The personal information that Cupid handles in relation to user accounts for these particular sites will include 'sensitive information' for the purposes of the Privacy Act. Separating an entity's network into multiple functional and informational segments makes it more difficult for an intruder to propagate inside the network. Had Cupid received an alert from the developer that the patch was available, but not applied the patch, the Commissioner may have considered there to have been a failure by Cupid to take reasonable security steps. On 13 December 2013, the Australian Privacy Commissioner (the Commissioner) opened an own motion investigation into Cupid.

For this reason, Cupid considers that some of the full names and associated dates of birth involved in the data breach 'did not relate to real persons'. Cupid advised that although the media had reported that 42 million users' accounts were compromised as a result of the data breach, this figure is not accurate because it includes 'junk' accounts and duplicate accounts. However, the Commissioner noted that data other than credit and other financial information may be 'sensitive information' under the definition of that term in the Privacy Act. The Commissioner also recommended that Cupid regularly review its data security processes to continue to aim for best privacy practice that protects the personal information of its extensive user base. This included encouraging users, as an extra security precaution, to reset passwords for different online services where the users used the same password as used for Cupid. Rectification: The Commissioner found that Cupid acted appropriately in responding to the data breach.

Further, effective use of patches can assist organisations to fix system vulnerabilities and other problems. To comply with this obligation, an organisation must have had systems or procedures in place to identify information the organisation no longer needed, and a process for how the destruction or de-identification of the information would occur. This included encouraging users, as an extra security precaution, to reset passwords for different online services where the users used the same password as used for Cupid. In response, Cupid took steps including applying the patch which fixed the vulnerability, which in turn stopped the attackers from obtaining further data. The definition of 'sensitive information' under the current Privacy Act is substantially similar to that which applied at the time of the data breach. Personal information includes 'sensitive information'.

Rectification: The Commissioner found that Cupid acted appropriately in responding to the data breach. The personal information that Cupid handles in relation to user accounts for these particular sites will include 'sensitive information' for the purposes of the Privacy Act. In respect of the data breach, Cupid customer information was accessed as a result of a hacking attack, in which the attacker penetrated security features to access the personal information online. The definition of 'sensitive information' under the current Privacy Act is substantially similar to that which applied at the time of the data breach. Password encryption strategies such as hashing and salting are basic security steps that were available to Cupid at the time of the data breach that may have prevented unauthorised access to user accounts.

In any case, Cupid estimates that the accounts and personal information of approximately 254,000 Australian users were compromised in the data breach. On 21 January 2013, Cupid identified a rogue file on one of its servers, and that a hacker had attempted to gain access to a particular table within its databases. The Commissioner considers password reset processes to be reasonable security steps and good privacy practice generally. In respect of the data breach, Cupid customer information was accessed as a result of a hacking attack, in which the attacker penetrated security features to access the personal information online. Section 6 provides that 'sensitive information' includes information or an opinion about an individual's racial or ethnic origin, political opinions, religious beliefs, or sexual orientation or practices. Nature of personal information: Cupid stated that as it does not store credit card information or bank account data, less stringent steps could be required of it than organisations that store financial or sensitive data.
