Paris Cowan reports:
Australian online dating operator Cupid Media breached the Privacy Act last year when its lax security provisions were exploited by hackers and the personal details of up to 245,000 of its customers stolen, the Privacy Commissioner has found.
Cupid Media operates a number of niche dating forums based on ethnicity, sexual orientation and religion.
In January 2013, hackers exploited a vulnerability in the Adobe ColdFusion server platform to gain access to Cupid Media’s webservers. They were then able to upload a rogue ColdFusion file to the servers to run repeated sequel queries and gain unauthorised access to the contained customer data.
What they found was a treasure trove of full names, addresses, dates of birth and passwords for Cupid’s user base, stored as plain text.
Read more on ITNews.