Cupid Media Dating Sites Break-in; 42 million passwords exposed (PMM still safe)
By Cyberfunk on Wednesday November 20, 2013

Hello everyone,

These are the kinds of posts I hate making, but I want to make sure that everyone out there is safe; in all sense of the word.

You may have already seen this in the news but the dating sites run by Cupid Media were hacked and they are reporting 42 million user accounts were "stolen". Breaches like this happen all the time, but this one was over the top stupid. The system stored member passwords in plain text; that means that there is no encryption, no hashing, not even a blanket thrown over it. The database basically spelled out, "My email address is _____ and my password is ______."

In this day and age that is completely unacceptable.

The biggest risk here is that people re-use passwords. So if someone gets your email and password combo from Cupid Media, they will try that same combo on other sites like here, your webmail accounts, and various banks.

Back in May of 2011 we took steps to protect our member's identity by "salting and hashing" all user passwords. You can check the news archives for more details, but the quick version is, the software takes your password, adds even more secret text to it, runs it through a high-level encryption routine and out pops a code. This code does not work the other way; you cannot take the code and work backwards to reveal the original password. There is no way for any employee or volunteer of PMM to know or see your true password.

If you were or are a member of one of Cupid Media's dating sites, and you have the bad habit of re-using passwords, I would suggest immediately downloading a password management application, and changing your passwords everywhere to something unique and difficult.

Take care, and be safe out there.

/Cyberfunk

P.S. Here is an article for reference: Link:(arstechnica.com)